rpms
/
krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

Commit Graph

  • af9bedd61a - stop exporting kadmin keys to a keytab file when kadmind starts -- the daemon's been able to use the database directly for a long long time now - belatedly add aes128,aes256 to the default set of supported key types Nalin Dahyabhai 2008-04-04 21:29:53 +0000
  • f56b6ee2db bump for build Nalin Dahyabhai 2008-04-01 20:54:54 +0000
  • ddde7d0f6e - libgssapi_krb5: properly export the acceptor subkey when creating a lucid context (Kevin Coffman, via the nfs4 mailing list) Nalin Dahyabhai 2008-04-01 20:53:54 +0000
  • 7668599d1d - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063, #432620, #432621) - add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when high-numbered descriptors are used (CVE-2008-0947, #433596) - add backport bug fix for an attempt to free non-heap memory in libgssapi_krb5 (CVE-2007-5901, #415321) - add backport bug fix for a double-free in out-of-memory situations in libgssapi_krb5 (CVE-2007-5971, #415351) Nalin Dahyabhai 2008-03-18 18:13:22 +0000
  • e7e5a76eb7 - remove a couple of hunks where on third look we don't need to be using WRITABLEFOPEN instead of fopen, because the mode doesn't include writing Nalin Dahyabhai 2008-03-18 15:49:52 +0000
  • 638efe585f - rework file labeling patch to not depend on fragile preprocessor trickery, in another attempt at fixing #428355 and friends Nalin Dahyabhai 2008-03-18 15:35:39 +0000
  • 723980d239 bump release number for rebuild Nalin Dahyabhai 2008-02-26 21:48:24 +0000
  • d4963922a8 - ftp: add patch to fix "runique on" case when globbing fixes applied - stop adding a redundant but harmless call to initialize the gssapi internals Nalin Dahyabhai 2008-02-26 21:18:38 +0000
  • 2a567feda3 - add the bug ID, close the bug Nalin Dahyabhai 2008-02-25 20:55:41 +0000
  • d5971d2776 - add patch to suppress double-processing of /etc/krb5.conf when we build with --sysconfdir=/etc, thereby suppressing double-logging (#231147) Nalin Dahyabhai 2008-02-25 20:53:41 +0000
  • d73fcc15fb - remove a patch to fix problems with interfaces which are "up" but which have no address assigned which conflicted with a change to fix the same problem in 1.5 (#200979) Nalin Dahyabhai 2008-02-25 19:58:51 +0000
  • 2cc4303bbc - ftp: don't lose track of a descriptor on passive get when the server fails to open a file Nalin Dahyabhai 2008-02-25 19:50:42 +0000
  • a7d42c7b03 - in login, allow PAM to interact with the user when they've been strongly authenticated - in login, signal PAM when we're changing an expired password that it's an expired password, so that when cracklib flags a password as being weak it's treated as an error even if we're running as root Nalin Dahyabhai 2008-02-25 18:33:34 +0000
  • ea9df965b8 comment: Treat 'nsAccountLock: true' the same as 'loginDisabled: true'. RT#5891 Nalin Dahyabhai 2008-02-25 18:32:02 +0000
  • 8e9e1c07b0 - drop netdb patch - kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora, Netscape, Red Hat Directory Server (Simo Sorce) Nalin Dahyabhai 2008-02-18 18:44:39 +0000
  • d64960eca0 - the constants are now provided even without __USE_GNU, so no need for this Nalin Dahyabhai 2008-02-18 16:54:29 +0000
  • a77ce35c52 - avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for us Nalin Dahyabhai 2008-02-13 23:10:32 +0000
  • 820100e165 - wow, fix a syntax error Nalin Dahyabhai 2008-02-12 21:03:29 +0000
  • 7ccda19051 - a second approach proposed in RT Nalin Dahyabhai 2008-02-12 16:28:13 +0000
  • e4d2a874a4 - enable patch for key-expiration reporting - enable patch to make kpasswd fall back to TCP if UDP fails - enable patch to make kpasswd use the right sequence number on retransmit - enable patch to allow mech-specific creds delegated under spnego to be found when searching for creds Nalin Dahyabhai 2008-02-12 16:22:38 +0000
  • 3d4d8cf991 - note RT numbers for reference - include but don't apply the other suggested patch for kpasswd-doesn't-use-tcp Nalin Dahyabhai 2008-01-23 18:27:03 +0000
  • dcfbb5995a - revise to reference a different patch which we also don't apply Nalin Dahyabhai 2008-01-03 16:51:53 +0000
  • 3a41ec53ed - less invasive approach to letting kpasswd hit tcp-only servers Nalin Dahyabhai 2008-01-03 16:51:16 +0000
  • f25a7f96a5 - reference unapplied patch to fix password-changing with servers other than the first one we try to contact - reference bug 242502 (rawhide) instead of 242500 (rhel) Nalin Dahyabhai 2008-01-03 15:47:35 +0000
  • 1343fd1973 - bump the release Nalin Dahyabhai 2008-01-02 17:06:19 +0000
  • 48872e3b7b - right, new year Nalin Dahyabhai 2008-01-02 17:05:02 +0000
  • f072055a76 - some init script cleanups - drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500) - krb524: don't barf on missing database if it looks like we're using kldap, same as for kadmin - return non-zero status for missing files which cause startup to fail Nalin Dahyabhai 2008-01-02 17:03:38 +0000
  • 0aaa920daa - allocate space for the nul-terminator in the local pathname when looking up a file context, and properly free a previous context (Jose Plans, #426085) Nalin Dahyabhai 2007-12-18 18:34:06 +0000
  • ea868608c1 rebuild Nalin Dahyabhai 2007-12-05 15:21:20 +0000
  • 6c3186e173 note the CVE for needing the revised patch Nalin Dahyabhai 2007-11-13 21:58:04 +0000
  • 4ba98f8eab add duplicate bug id Nalin Dahyabhai 2007-11-13 21:41:20 +0000
  • acf89fe1da note the RT number Nalin Dahyabhai 2007-11-09 15:40:20 +0000
  • 276a481e88 - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 and CVE-2007-4000 (the new pkinit module is built conditionally and goes into the -pkinit-openssl package, at least for now, to make a buildreq loop with openssl avoidable) Nalin Dahyabhai 2007-10-23 19:40:45 +0000
  • a0f391756d - make proper use of pam_loginuid and pam_selinux in rshd and ftpd Nalin Dahyabhai 2007-10-17 17:48:52 +0000
  • 345c67344c makefile update to properly grab makefile.common Bill Nottingham 2007-10-15 18:56:42 +0000
  • 528eff0ac5 - make krb5.conf %%verify(not md5 size mtime) in addition to %%config(noreplace), like /etc/nsswitch.conf (#329811) Nalin Dahyabhai 2007-10-12 18:32:28 +0000
  • 6e3299423a - proposed fix for not being able to find delegated krb5 creds when using spnego Nalin Dahyabhai 2007-10-04 22:08:39 +0000
  • 359196dde6 - revert to the version that hit upstream SVN Nalin Dahyabhai 2007-10-04 21:44:02 +0000
  • 1bb4c4c0c2 - reflect the adjustment just submitted to upstream RT #5802 Nalin Dahyabhai 2007-10-01 21:39:09 +0000
  • 1dd0ff3e30 - proposed patch to fix receipt of delegated creds in mod_auth_kerb Nalin Dahyabhai 2007-10-01 19:40:47 +0000
  • 14a08486e8 - add the bug ID to the kadmind fixes, note Fran's patch was identical to the one I thought we were already using in the F-7 branch Nalin Dahyabhai 2007-09-17 20:47:02 +0000
  • 995166d33c - undef functions that we override before redefining them; ultimately this will have to be completely reworked to not use preprocessor magic because it's gotten way uglier than originally planned Nalin Dahyabhai 2007-09-17 20:46:21 +0000
  • 2688de92f1 - move the db2 kdb plugin from -server to -libs, because a multilib libkdb might need it Nalin Dahyabhai 2007-09-11 20:52:15 +0000
  • f330d3856e - don't exit if we have a kldap db Nalin Dahyabhai 2007-09-11 19:03:15 +0000
  • 83381c77e7 - also perform PAM session and credential management when ftpd accepts a client using strong authentication, missed earlier - also label kadmind log files and files created by the db2 plugin Nalin Dahyabhai 2007-09-11 14:12:38 +0000
  • 71c80f37b5 - also label kadmind log files and files created by the db2 plugin Nalin Dahyabhai 2007-09-11 14:12:03 +0000
  • c6b195a8d3 - ftpd: also do PAM management for clients who use strong authentication Nalin Dahyabhai 2007-09-11 14:11:22 +0000
  • 8684e97aa9 bye-bye obsolete patch Nalin Dahyabhai 2007-09-06 21:03:00 +0000
  • 78cfdd7edb - incorporate updated fix for CVE-2007-3999 Nalin Dahyabhai 2007-09-06 20:20:55 +0000
  • 251df090d0 bump the revision Nalin Dahyabhai 2007-09-06 20:09:14 +0000
  • 07adde54fa - incorporate updated fix for CVE-2007-3999 Nalin Dahyabhai 2007-09-06 20:08:19 +0000
  • c4bb3c531c - fix incorrect call to test in the kadmin init script Nalin Dahyabhai 2007-09-06 20:07:18 +0000
  • b54c6a0718 - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000) Nalin Dahyabhai 2007-09-04 18:10:23 +0000
  • 9866e02a96 - Do what the rfc says we should do, rather than what the error message suggests we're doing. Nalin Dahyabhai 2007-09-04 16:34:44 +0000
  • 929680a650 add missing gawk buildrequirement Nalin Dahyabhai 2007-08-25 05:12:34 +0000
  • 8499d2199c - actually bump the release number Nalin Dahyabhai 2007-08-25 04:33:13 +0000
  • 5502d6651d - cover more cases in labeling files on creation Nalin Dahyabhai 2007-08-25 04:31:34 +0000
  • e0443e5457 - experimental ok-as-delegate setting patch (not applied) Nalin Dahyabhai 2007-08-25 04:28:10 +0000
  • 79f8a98d4f rebuild Nalin Dahyabhai 2007-08-23 20:50:42 +0000
  • 2f7dffc0f3 - include but don't apply Nalin Dahyabhai 2007-07-26 19:08:20 +0000
  • 7f381af05d - test patch for login chdir when $HOME is on root-squashed nfs Nalin Dahyabhai 2007-07-26 19:07:22 +0000
  • c7cc1d7d29 - test patch for password expiration reporting Nalin Dahyabhai 2007-07-26 19:06:51 +0000
  • fbe8865459 - kdc.conf: default to listening for TCP clients, too (#248415) Nalin Dahyabhai 2007-07-26 18:36:57 +0000
  • 34ce3fe705 - add a preliminary patch for #231147. initially not applied. Nalin Dahyabhai 2007-07-23 21:01:33 +0000
  • c0cd730c79 - update to 1.6.2 - add "buildrequires: texinfo-tex" to get texi2pdf Nalin Dahyabhai 2007-07-19 16:50:28 +0000
  • 56d1413f95 - truncate the echoed string at the newline, not at the first non-cr/lf Nalin Dahyabhai 2007-07-17 21:02:32 +0000
  • 147635188d add CVE identifiers to the more recent changelog Nalin Dahyabhai 2007-06-27 18:39:06 +0000
  • cd3f50fb19 - incorporate fixes for MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 Nalin Dahyabhai 2007-06-27 06:08:01 +0000
  • 196ea67f06 - add missing pam-devel build requirement, force selinux-or-fail build Nalin Dahyabhai 2007-06-25 01:16:51 +0000
  • cb76d1ea2b rebuild Nalin Dahyabhai 2007-06-25 00:56:37 +0000
  • d360ed53e4 - label all files at creation-time according to the SELinux policy (#228157) Nalin Dahyabhai 2007-06-25 00:55:25 +0000
  • 29d9e8c00d - apply a label to all files upon creation Nalin Dahyabhai 2007-06-25 00:54:13 +0000
  • 5899ab24a3 - also don't error out in the --disable-shared case, which while it doesn't actually build to completion, is pretty handy for testing build changes Nalin Dahyabhai 2007-06-25 00:52:53 +0000
  • dbbe71ef2d - adjust the login-specific bits for changes which were made for ftpd Nalin Dahyabhai 2007-06-25 00:50:30 +0000
  • 8f7d649fe0 - that should work better Nalin Dahyabhai 2007-06-22 23:21:07 +0000
  • e773dcc288 - um, maybe not just yet Nalin Dahyabhai 2007-06-22 22:33:07 +0000
  • 2ecf4e22d8 nope, we don't provide that file Nalin Dahyabhai 2007-06-22 22:15:03 +0000
  • 70ccd082ae - oops, note that pam changes went in, too Nalin Dahyabhai 2007-06-22 22:10:15 +0000
  • 117cdbbea7 - preprocess kerberos.ldif into a format FDS will like better, and include that as a doc file as well Nalin Dahyabhai 2007-06-22 22:06:27 +0000
  • 37416c24a6 - switch man pages to being generated with the right paths in them - drop old, incomplete SELinux patch - add patch from Greg Hudson to make srvtab routines report missing-file errors at same point that keytab routines do (#241805) Nalin Dahyabhai 2007-06-22 22:04:38 +0000
  • 513d8d8504 - patch to make srvtab routines report missing-file errors at the same point that the keytab routines do Nalin Dahyabhai 2007-06-22 22:03:42 +0000
  • 547fdc81db - PAM support for rshd, login (used by telnet and rlogind), and ftpd Nalin Dahyabhai 2007-06-22 22:03:14 +0000
  • 3f47a21b9d - filename listing all of the man pages in the source tree, so that the .spec file can rename them from $foo to $foo.in - patch to replace absolute paths in man pages with configure-based values, and to generate man pages Nalin Dahyabhai 2007-06-22 22:02:16 +0000
  • b892316bf5 - actually use a configuration file that's not login's as a template Nalin Dahyabhai 2007-06-22 22:00:29 +0000
  • 7f177b9be9 - PAM configuration for ftpd Nalin Dahyabhai 2007-06-22 21:57:16 +0000
  • 5627f959d0 - PAM configuration for krshd when encryption is being used Nalin Dahyabhai 2007-06-22 21:56:56 +0000
  • 0ac131442d - PAM configuration for krshd when encryption is not being used Nalin Dahyabhai 2007-06-22 21:56:36 +0000
  • ad9d82cb5c - pull patch from svn to undo unintentional chattiness in ftp - pull patch from svn to handle NULL krb5_get_init_creds_opt structures better in a couple of places where they're expected Nalin Dahyabhai 2007-05-24 15:43:24 +0000
  • d36d579aba - patch from svn to fixup a couple of get_init_creds_opt problems Nalin Dahyabhai 2007-05-24 15:41:33 +0000
  • 40bfa86a85 - patch from svn to fix debug spew in ftp Nalin Dahyabhai 2007-05-24 15:41:11 +0000
  • 3f30bc2d6d bump release number Nalin Dahyabhai 2007-05-23 22:06:26 +0000
  • 7877c27fc3 - bump to 1.6.1 Nalin Dahyabhai 2007-05-23 21:48:27 +0000
  • 15a4beabc5 - obsolete by 1.6.1 release Nalin Dahyabhai 2007-05-23 21:48:08 +0000
  • c0edd9e442 - obsoleted by krb5-1.6-manpage-paths.patch Nalin Dahyabhai 2007-05-23 21:47:42 +0000
  • 65b44dedbe - experimental patch to ignore empty values for various environment values Nalin Dahyabhai 2007-05-23 21:46:54 +0000
  • 5aa33883de - as before, but get the location of the kpropd acl file correct Nalin Dahyabhai 2007-05-23 21:39:31 +0000
  • a9c20b1574 - kadmind.init: don't fail outright if the default principal database isn't there if it looks like we might be using the kldap plugin - kadmind.init: attempt to extract the key for the host-specific kadmin service when we try to create the keytab Nalin Dahyabhai 2007-05-18 22:16:16 +0000
  • ea9e19241a - omit dependent libraries from the krb5-config --libs output, as using shared libraries (no more static libraries) makes them unnecessary and they're not part of the libkrb5 interface (patch by Rex Dieter, #240220) (strips out libkeyutils, libresolv, libdl) Nalin Dahyabhai 2007-05-16 19:48:19 +0000
  • a7114b4891 - pull in keyutils as a build requirement to get the "KEYRING:" ccache type, because we've merged Nalin Dahyabhai 2007-05-04 19:03:00 +0000
  • a321e486d2 - fix an uninitialized length value which could cause a crash when parsing key data coming from a directory server - correct a typo in the krb5.conf man page ("ldap_server"->"ldap_servers") Nalin Dahyabhai 2007-05-04 18:10:01 +0000