diff options
| author | cvsdist <cvsdist@fedoraproject.org> | 2004-09-09 07:09:20 +0000 |
|---|---|---|
| committer | cvsdist <cvsdist@fedoraproject.org> | 2004-09-09 07:09:20 +0000 |
| commit | ff204a4ecb84a8345efe81b8fc741a268fff71cc (patch) | |
| tree | 119d44ebe7090eac9904e87d028aacfa0155eeed /krb5-1.2.7-reject-bad-transited.patch | |
| parent | b38aa43e89c4c8a44b41638799c3b6866df6dc08 (diff) | |
| download | krb5-ff204a4ecb84a8345efe81b8fc741a268fff71cc.tar.gz krb5-ff204a4ecb84a8345efe81b8fc741a268fff71cc.tar.xz krb5-ff204a4ecb84a8345efe81b8fc741a268fff71cc.zip | |
auto-import changelog data from krb5-1.2.2-24.src.rpmkrb5-1_2_2-24RHL-7_2-split
Fri Mar 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-24
- fix double-free of enc_part2 in krb524d
- update to latest patch kit for MITKRB5-SA-2003-004
Thu Mar 20 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-23
- make the default kdc.conf list the same enctypes we use for 1.2.7
Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-22
- add patch included in MITKRB5-SA-2003-003 (CAN-2003-0028)
Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-21
- add patches from patchkit from MITKRB5-SA-2003-004 (CAN-2003-0138 and
CAN-2003-0139)
Thu Mar 06 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-20
- fix buffer underrun in unparsing certain principals (CAN-2003-0082)
Wed Feb 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-19
- add patch to fix server-side crashes when principals have no components
(CAN-2003-0072)
Mon Feb 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-18
- add patch from Matt Crawford for encoding transited realms properly
Wed Feb 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-17
- sync compiler flags for configure and make with other versions
Tue Feb 04 2003 Nalin Dahyabhai <nalin@redhat.com>
- add patch to document the reject-bad-transited option in kdc.conf
- add backported symbol namespacing fix from 1.2.3 to clear up clashes with
glib
- add backported fix for hangs in kadmin client when principal contains an
escaped @ symbol
Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- add candidate backports for CAN-2002-0036, CAN-2002-058, CAN-2002-059
(CAN-2002-060 was fixed in 1.1.1-7 or so)
Thu Jan 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-16
- add patch from Mark Cox for exploitable bugs in ftp client
- add patch to avoid buffer read overruns when configuring via DNS
- add patch to properly include <errno.h>
Diffstat (limited to 'krb5-1.2.7-reject-bad-transited.patch')
| -rw-r--r-- | krb5-1.2.7-reject-bad-transited.patch | 18 |
1 files changed, 18 insertions, 0 deletions
diff --git a/krb5-1.2.7-reject-bad-transited.patch b/krb5-1.2.7-reject-bad-transited.patch new file mode 100644 index 0000000..b4c26b0 --- /dev/null +++ b/krb5-1.2.7-reject-bad-transited.patch @@ -0,0 +1,18 @@ +--- krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:21.000000000 -0500 ++++ krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:11.000000000 -0500 +@@ -138,6 +138,15 @@ + strings specifies the default key/salt combinations of principals for this + realm. + ++.IP reject_bad_transit ++This ++.B boolean string ++specifies whether or not the KDC should reject cross-realm TGS requests if the ++request's list of transited realms names realms which would not be included ++in the transit path if the path were to be computed using the KDC's krb5.conf ++file, or if the client requests that the KDC not perform such a check. The ++default is for this option to be enabled. ++ + .SH FILES + /usr/local/lib/krb5kdc/kdc.conf + |