diff options
author | Nalin Dahyabhai <nalin@redhat.com> | 2014-09-05 15:45:38 -0400 |
---|---|---|
committer | Nalin Dahyabhai <nalin@redhat.com> | 2014-09-05 18:18:58 -0400 |
commit | f69697ba82697909efed00f34c51901f881e1989 (patch) | |
tree | cec4d1c74331270ec6d4c7c5d49726c2c10f60a8 /krb5.spec | |
parent | a05b95f5142d935c918cc0ecffdef6d6e09a7052 (diff) | |
download | krb5-f69697ba82697909efed00f34c51901f881e1989.tar.gz krb5-f69697ba82697909efed00f34c51901f881e1989.tar.xz krb5-f69697ba82697909efed00f34c51901f881e1989.zip |
Backport skipping kpasswd reply address checks
- backport patch to make the client skip checking the server's reply
address when processing responses to password-change requests, which
between NAT and upcoming HTTPS support, can cause us to erroneously
report an error to the user when the server actually reported success
(RT #7886)
Diffstat (limited to 'krb5.spec')
-rw-r--r-- | krb5.spec | 12 |
1 files changed, 11 insertions, 1 deletions
@@ -41,7 +41,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.12.2 -Release: 5%{?dist} +Release: 6%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12.2-signed.tar Source0: krb5-%{version}.tar.gz @@ -108,6 +108,7 @@ Patch204: 0004-Make-ksu-respect-the-default_ccache_name-setting.patch Patch205: 0005-Copy-config-entries-to-the-ksu-target-ccache.patch Patch206: 0006-Use-more-randomness-for-ksu-secondary-cache-names.patch Patch207: 0007-Make-krb5_cc_new_unique-create-DIR-directories.patch +Patch300: krb5-1.12-kpasswd-skip-address-check.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -318,6 +319,8 @@ ln -s NOTICE LICENSE %patch206 -p1 -b .Use-more-randomness-for-ksu-secondary-cache-names %patch207 -p1 -b .Make-krb5_cc_new_unique-create-DIR-directories +%patch300 -p1 -b .kpasswd-skip-address-check + %patch1 -p1 -b .pwdch-fast %patch60 -p1 -b .pam @@ -1027,6 +1030,13 @@ exit 0 %{_sbindir}/uuserver %changelog +* Fri Sep 5 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.2-6 +- backport patch to make the client skip checking the server's reply + address when processing responses to password-change requests, which + between NAT and upcoming HTTPS support, can cause us to erroneously + report an error to the user when the server actually reported success + (RT #7886) + * Thu Aug 28 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.2-5 - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1078888) |