Commit message | Author | Age | Files | Lines
* Switch to the upstream patch for #1029110 [krb5-1.11.3-31.fc21] [krb5-1.11.3-31.fc20] | Nalin Dahyabhai | 2013-11-12 | 2 | -9/+18
  Switch to the simplified version of the patch for #1029110 that ended up being committed upstream (RT#7764).
* Fix a typo in a changelog entry [krb5-1.11.3-30.fc21] [krb5-1.11.3-30.fc20] | Nalin Dahyabhai | 2013-11-11 | 1 | -1/+1
* Catch more strtol() failures when using KEYRINGs | Nalin Dahyabhai | 2013-11-11 | 2 | -1/+43
  - check more thoroughly for errors when resolving KEYRING ccache names of type "persistent", which should only have a numeric UID as the next part of the name (#1029110)
* Point to the RT for the patch for the right branch [krb5-1.11.3-29.fc21] [krb5-1.11.3-29.fc20] | Nalin Dahyabhai | 2013-11-05 | 1 | -2/+2
* Switch to 1.11 backport of the CVE-2013-1418 patch | Nalin Dahyabhai | 2013-11-04 | 1 | -11/+11
* Incorporate patch for RT#7755 (CVE-2013-1418) | Nalin Dahyabhai | 2013-11-04 | 2 | -1/+42
  - incorporate upstream patch for remote crash of KDCs which serve multiple realms simultaneously (RT#7755, CVE-2013-1418)
* Drop call-access()-more patch for ksu | Nalin Dahyabhai | 2013-11-04 | 2 | -50/+6
  - drop patch to add additional access() checks to ksu - they add to breakage when non-FILE: caches are in use (#1026099), shouldn't be resulting in any benefit, and clash with proposed changes to fix its cache handling
* Expand on comments in the daemon wrapper scripts [krb5-1.11.3-27.fc21] [krb5-1.11.3-27.fc20] | Nalin Dahyabhai | 2013-10-22 | 3 | -1/+13
  - add some minimal description to the top of the wrapper scripts we use when starting krb5kdc and kadmind to describe why they exist (tooling)
* Create and own /etc/gss (#1019937) [krb5-1.11.3-26.fc21] [krb5-1.11.3-26.fc20] | Nalin Dahyabhai | 2013-10-16 | 1 | -1/+10
* Pull up fix for reimporting ccaches in gssapi [krb5-1.11.3-25.fc21] [krb5-1.11.3-25.fc20] | Nalin Dahyabhai | 2013-10-15 | 2 | -1/+138
  - pull up fix for importing previously-exported credential caches in the gssapi library (RT# 7706, #1019420)
* Finish fixing the don't-call-NULL-prompters bug [krb5-1.11.3-24.fc21] [krb5-1.11.3-24.fc20] | Nalin Dahyabhai | 2013-10-14 | 2 | -0/+58
  - extract the rest of the fix #965721/#1016690 from the changes for RT#7680
* Use the prompter callback for PEM files | Nalin Dahyabhai | 2013-10-14 | 2 | -1/+98
  - backport the callback to use the libkrb5 prompter when we can't load PEM files for PKINIT (RT#7590, includes part of #965721/#1016690)
* fix trigger's invocation of sed (#1016945) | Nalin Dahyabhai | 2013-10-14 | 1 | -2/+5
  - fix trigger scriptlet's invocation of sed (#1016945)
* - rebuild with keyutils 1.5.8 (part of #1012043) [krb5-1.11.3-22.fc21] | Nalin Dahyabhai | 2013-10-04 | 1 | -3/+6
  Rebuild against a keyutils which tags the new symbols we're using with a newer symbol version, so that RPM can tell the difference between versions of the package which contain a shared library that doesn't include them and versions of the package which contain a shared library which does.
* Updated persistent-keyring changes, set as default [krb5-1.11.3-21.fc21] [krb5-1.11.3-21.fc20] | Nalin Dahyabhai | 2013-10-02 | 4 | -1091/+1923
  - switch to the version of persistent-keyring that was just merged to master (RT#7711), along with related changes to kinit (RT#7689)
  - go back to setting default_ccache_name to a KEYRING type
* pull up fix to call kdb check-transited-path first [krb5-1.11.3-20.fc21] [krb5-1.11.3-20.fc20] | Nalin Dahyabhai | 2013-09-30 | 2 | -1/+64
  - pull up fix for not calling a kdb plugin's check-transited-path method before calling the library's default version, which only knows how to read what's in the configuration file (RT#7709, #1013664)
* configure --without-krb5-config [krb5-1.11.3-19.fc21] [krb5-1.11.3-19.fc20] | Nalin Dahyabhai | 2013-09-26 | 1 | -1/+7
  - configure --without-krb5-config so that we don't pull in the old default ccache name when we want to stop setting a default ccache name at configure-time
* - fix broken dependency on awk (rdieter) [krb5-1.11.3-18.fc21] [krb5-1.11.3-18.fc20] | Nalin Dahyabhai | 2013-09-25 | 1 | -2/+5
  - fix broken dependency on awk (should be gawk, rdieter)
* add missing dependency on newer keyutils-libs [krb5-1.11.3-17.fc21] [krb5-1.11.3-17.fc20] | Nalin Dahyabhai | 2013-09-25 | 1 | -2/+6
  - add missing dependency on newer keyutils-libs (#1012034)
* Back to DIR: caches by default, for now [krb5-1.11.3-16.fc21] [krb5-1.11.3-16.fc20] | Nalin Dahyabhai | 2013-09-24 | 1 | -14/+34
  - back out setting default_ccache_name to the new default for now, resetting it to the old default while the kernel/keyutils bits get sorted (sgallagh)
* buildrequire the newest keyutils [krb5-1.11.3-15.fc21] [krb5-1.11.3-15.fc20] | Nalin Dahyabhai | 2013-09-23 | 1 | -2/+6
  - add explicit build-time dependency on a version of keyutils that's new enough to include keyctl_get_persistent() (more of #991148)
* pull in an updated persistent_keyring.patch [krb5-1.11.3-14.fc21] [krb5-1.11.3-14.fc20] | Nalin Dahyabhai | 2013-09-19 | 2 | -188/+184
  - incorporate Simo's updated backport of his updated persistent-keyring changes (more of #991148)
* Don't break during %%check with revoked keyrings [krb5-1.11.3-13.fc21] [krb5-1.11.3-13.fc20] | Nalin Dahyabhai | 2013-09-13 | 1 | -6/+10
  If the session keyring is revoked, we'll to walk the ccache collections. Work around that so that we don't have to go and disable more tests.
* pull the newer F21 defaults back to F20 (sgallagh) [krb5-1.11.3-12.fc21] [krb5-1.11.3-12.fc20] | Nalin Dahyabhai | 2013-09-13 | 1 | -4/+7
* Only create /run/user/0 on releases where we use it | Nalin Dahyabhai | 2013-09-09 | 1 | -0/+7
  - only apply the patch to autocreate /run/user/0 when we're hard-wiring the default ccache location to be under it; otherwise it's unnecessary
* Don't pass a "script" to ldconfig [krb5-1.11.3-11.fc21] | Nalin Dahyabhai | 2013-09-09 | 1 | -3/+7
  - don't let comments intended for one scriptlet become part of the "script" that gets passed to ldconfig as part of another one (Mattias Ellert, #1005675)
* Conditional triggerun to set default_ccache_name [krb5-1.11.3-10.fc21] | Nalin Dahyabhai | 2013-09-06 | 1 | -0/+36
  - on releases where we expect krb5.conf to be configured with a default_ccache_name, add it whenever we upgrade from an older version of the package that wouldn't have included it in its default configuration file (#991148)
* Set the default ccname via config, not at build | Nalin Dahyabhai | 2013-09-06 | 1 | -3/+25
  - restore build-time default DEFCCNAME on Fedora 21 and later and EL, and instead set it in the default krb5.conf's [libdefaults] section (#991148)
* - restore build-time default DEFCCNAME on F21, EL | Nalin Dahyabhai | 2013-09-06 | 1 | -1/+2
  - restore build-time default DEFCCNAME on Fedora 21 and later and EL (#991148)
* - incorporate backported persistent-keyring (Simo) | Nalin Dahyabhai | 2013-09-06 | 2 | -1/+2806
  - incorporate Simo's backport of his persistent-keyring changes (#991148)
* ship an nss_wrappers snapshot, not a git repo [krb5-1.11.3-9.fc21] [krb5-1.11.3-9.fc20] [krb5-1.11.3-9.fc19] | Nalin Dahyabhai | 2013-08-23 | 3 | -2/+6
  - switch to just the snapshot of nss_wrapper we were using, since we no longer need to carry anything that isn't in the cwrap.org repository (ssorce)
* UnversionedDocdirs, take two | Nalin Dahyabhai | 2013-08-23 | 1 | -5/+9
  - take another stab at accounting for UnversionedDocdirs for the -libs subpackage (spotted by ssorce)
* Do the horrible hostname check _before_ faking it | Nalin Dahyabhai | 2013-08-15 | 1 | -6/+7
* Fix error detection when starting kpropd/kadmind [krb5-1.11.3-8.fc20] [krb5-1.11.3-8.fc19] | Nalin Dahyabhai | 2013-08-15 | 5 | -7/+41
  - drop a patch we're not applying
  - wrap kadmind and kpropd in scripts which check for the presence/absence of files which dictate particular exit codes before exec'ing the actual binaries, instead of trying to use ConditionPathExists in the unit files to accomplish that, so that we exit with failure properly when what we expect isn't actually in effect on the system (#800343)
* Assume 32 when __isa_bits isn't defined [krb5-1.11.3-7.fc20] | Nalin Dahyabhai | 2013-07-29 | 1 | -1/+1
* fixup for UnversionedDocdirs | Nalin Dahyabhai | 2013-07-29 | 1 | -3/+10
  - attempt to account for UnversionedDocdirs for the -libs subpackage
* tweak configs used by tests [krb5-1.11.3-6.fc19] | Nalin Dahyabhai | 2013-07-26 | 3 | -16/+82
  - tweak configuration files used during tests to try to reduce the number of conflicts encountered when builds for multiple arches land on the same builder
* Backport from RT#7682 | Nalin Dahyabhai | 2013-07-22 | 3 | -1/+85
  - pull up changes to allow GSSAPI modules to provide more functions (RT#7682, #986564/#986565)
* Add that missing new source file | Nalin Dahyabhai | 2013-07-19 | 2 | -0/+87
* Use LD_PRELOAD to be able to run more self-tests | Nalin Dahyabhai | 2013-07-19 | 2 | -6/+42
  Use nss_wrapper (from cwrap.org) to be able to run more of the self-tests during %%check. Help it along a little bit by being more emphatic about cutting off access to DNS.
* Use %%{?_isa} when hard-coding deps on krb5-libs [krb5-1.11.3-3.fc20] [krb5-1.11.3-3.fc19] | Nalin Dahyabhai | 2013-07-01 | 1 | -7/+11
  - specify dependencies on the same arch of krb5-libs by using the %%{?_isa} suffix, to avoid dragging 32-bit libraries onto 64-bit systems (#980155)
* Bring back "Back out the krb5-1.11-run_user_0.patch" [krb5-1.11.3-2.fc20] [krb5-1.11.3-2.fc19] | Nalin Dahyabhai | 2013-06-13 | 1 | -1/+9
  This reverts commit 8a5a8d492cc94cccf9b1a5b55377485f00807b7d.
  Special-case /run/user/0, attempting to create it when resolving a directory cache below it fails due to ENOENT and we find that it doesn't already exist, either, before attempting to create the directory cache (maybe helping, maybe just making things more confusing for #961235).
* update .gitignore [krb5-1.11.3-1.fc20] [krb5-1.11.3-1.fc19] | Nalin Dahyabhai | 2013-06-04 | 1 | -0/+3
* update to 1.11.3 | Nalin Dahyabhai | 2013-06-04 | 6 | -185/+43
  - update to 1.11.3
  - drop patch for RT#7605, fixed in this release
  - drop patch for CVE-2002-2443, fixed in this release
  - drop patch for RT#7369, fixed in this release
  - pull upstream fix for breaking t_skew.py by adding the patch for #961221
* Respin with updated version of patch for RT#7650 [krb5-1.11.2-10.fc20] [krb5-1.11.2-10.fc19] | Nalin Dahyabhai | 2013-05-31 | 1 | -1/+4
  Respin with updated version of patch for RT#7650, and don't forget to keep track of the bug ID (#969331).
* Update to version from master (differs only in ID) | Nalin Dahyabhai | 2013-05-31 | 1 | -1/+1
  Update this patch to the version from upstream's master branch, which only changes the commit ID.
* Back out the krb5-1.11-run_user_0.patch [krb5-1.11.2-9.fc20] | Nalin Dahyabhai | 2013-05-30 | 1 | -6/+0
  It's not a complete fix, and it may only muddy things further on systems that are having the kind of trouble it's trying to avoid, so hold off. For now, at least.
* Pull a fix for kinit going on an only-masters path | Nalin Dahyabhai | 2013-05-30 | 2 | -0/+52
  - pull in proposed fix for attempts to get initial creds, which end up following referrals, incorrectly trying to always use master KDCs if they talked to a master at any point (should fix RT#7650)
* Add a hackish attempt at a workaround for #961235 | Nalin Dahyabhai | 2013-05-30 | 2 | -0/+40
  Add a patch to create /run/user/0 if we're trying to resolve a DIR: ccache somewhere below it and neither the target location nor /run/user/0 exist yet. The better workaround is to set the location's owner to "linger" via logind, since even after we do what we're doing here, if the user logs in and logs back out, our location is still removed.
* Label DIR: ccache directories when we create them | Nalin Dahyabhai | 2013-05-30 | 2 | -1/+31
  - don't forget to set the SELinux label when creating the directory for a DIR: ccache