| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
| |
Switch to the simplified version of the patch for #1029110 that ended up
being committed upstream (RT#7764).
|
| |
|
|
|
|
|
|
| |
- check more thorougly for errors when resolving KEYRING ccache names of type
"persistent", which should only have a numeric UID as the next part of the
name (#1029110)
|
| |
|
| |
|
|
|
|
|
| |
- incorporate upstream patch for remote crash of KDCs which serve multiple
realms simultaneously (RT#7755, CVE-2013-1418)
|
|
|
|
|
|
| |
- drop patch to add additional access() checks to ksu - they add to breakage
when non-FILE: caches are in use (#1026099), shouldn't be resulting in any
benefit, and clash with proposed changes to fix its cache handling
|
|
|
|
|
| |
- add some minimal description to the top of the wrapper scripts we use
when starting krb5kdc and kadmind to describe why they exist (tooling)
|
| |
|
|
|
|
|
| |
- pull up fix for importing previously-exported credential caches in the
gssapi library (RT# 7706, #1019420)
|
|
|
|
| |
- extract the rest of the fix #965721/#1016690 from the changes for RT#7680
|
|
|
|
|
| |
- backport the callback to use the libkrb5 prompter when we can't load
PEM files for PKINIT (RT#7590, includes part of #965721/#1016690)
|
|
|
|
| |
- fix trigger scriptlet's invocation of sed (#1016945)
|
|
|
|
|
|
|
|
| |
Rebuild against a keyutils which tags the new symbols we're using with a
newer symbol version, so that RPM can tell the difference between
versions of the package which contain a shared library that doesn't
include them and versions of the package which contain a shared library
which does.
|
|
|
|
|
|
| |
- switch to the version of persistent-keyring that was just merged to
master (RT#7711), along with related changes to kinit (RT#7689)
- go back to setting default_ccache_name to a KEYRING type
|
|
|
|
|
|
| |
- pull up fix for not calling a kdb plugin's check-transited-path
method before calling the library's default version, which only knows
how to read what's in the configuration file (RT#7709, #1013664)
|
|
|
|
|
|
| |
- configure --without-krb5-config so that we don't pull in the old default
ccache name when we want to stop setting a default ccache name at configure-
time
|
|
|
|
| |
- fix broken dependency on awk (should be gawk, rdieter)
|
|
|
|
| |
- add missing dependency on newer keyutils-libs (#1012034)
|
|
|
|
|
| |
- back out setting default_ccache_name to the new default for now, resetting
it to the old default while the kernel/keyutils bits get sorted (sgallagh)
|
|
|
|
|
| |
- add explicit build-time dependency on a version of keyutils that's new
enough to include keyctl_get_persistent() (more of #991148)
|
|
|
|
|
| |
- incorporate Simo's updated backport of his updated persistent-keyring
changes (more of #991148)
|
|
|
|
|
| |
If the session keyring is revoked, we'll to walk the ccache collections.
Work around that so that we don't have to go and disable more tests.
|
| |
|
|
|
|
|
| |
- only apply the patch to autocreate /run/user/0 when we're hard-wiring the
default ccache location to be under it; otherwise it's unnecessary
|
|
|
|
|
| |
- don't let comments intended for one scriptlet become part of the "script"
that gets passed to ldconfig as part of another one (Mattias Ellert, #1005675)
|
|
|
|
|
|
|
| |
- on releases where we expect krb5.conf to be configured with a
default_ccache_name, add it whenever we upgrade from an older version of
the package that wouldn't have included it in its default configuration
file (#991148)
|
|
|
|
|
| |
- restore build-time default DEFCCNAME on Fedora 21 and later and EL, and
instead set it in the default krb5.conf's [libdefaults] section (#991148)
|
|
|
|
| |
- restore build-time default DEFCCNAME on Fedora 21 and later and EL (#991148)
|
|
|
|
| |
- incorporate Simo's backport of his persistent-keyring changes (#991148)
|
|
|
|
|
|
| |
- switch to just the snapshot of nss_wrapper we were using, since we
no longer need to carry anything that isn't in the cwrap.org repository
(ssorce)
|
|
|
|
|
| |
- take another stab at accounting for UnversionedDocdirs for the -libs
subpackage (spotted by ssorce)
|
| |
|
|
|
|
|
|
|
|
|
| |
- drop a patch we're not applying
- wrap kadmind and kpropd in scripts which check for the presence/absence
of files which dictate particular exit codes before exec'ing the actual
binaries, instead of trying to use ConditionPathExists in the unit files
to accomplish that, so that we exit with failure properly when what we
expect isn't actually in effect on the system (#800343)
|
| |
|
|
|
|
| |
- attempt to account for UnversionedDocdirs for the -libs subpackage
|
|
|
|
|
|
| |
- tweak configuration files used during tests to try to reduce the number
of conflicts encountered when builds for multiple arches land on the same
builder
|
|
|
|
| |
- pull up changes to allow GSSAPI modules to provide more functions (RT#7682, #986564/#986565)
|
| |
|
|
|
|
|
|
| |
Use nss_wrapper (from cwrap.org) to be able to run more of the
self-tests during %%check. Help it along a little bit by being
more emphatic about cutting off access to DNS.
|
|
|
|
|
| |
- specify dependencies on the same arch of krb5-libs by using the %%{?_isa}
suffix, to avoid dragging 32-bit libraries onto 64-bit systems (#980155)
|
|
|
|
|
|
|
|
|
| |
This reverts commit 8a5a8d492cc94cccf9b1a5b55377485f00807b7d.
Special-case /run/user/0, attempting to create it when resolving a
directory cache below it fails due to ENOENT and we find that it doesn't
already exist, either, before attempting to create the directory cache
(maybe helping, maybe just making things more confusing for #961235).
|
| |
|
|
|
|
|
|
|
|
| |
- update to 1.11.3
- drop patch for RT#7605, fixed in this release
- drop patch for CVE-2002-2443, fixed in this release
- drop patch for RT#7369, fixed in this release
- pull upstream fix for breaking t_skew.py by adding the patch for #961221
|
|
|
|
|
| |
Respin with updated version of patch for RT#7650, and don't forget to
keep track of the bug ID (#969331).
|
|
|
|
|
| |
Update this patch to the version from upstream's master branch, which
only changes the commit ID.
|
|
|
|
|
|
| |
It's not a complete fix, and it may only muddy things further on systems
that are having the kind of trouble it's trying to avoid, so hold off.
For now, at least.
|
|
|
|
|
|
| |
- pull in proposed fix for attempts to get initial creds, which end up
following referrals, incorrectly trying to always use master KDCs if
they talked to a master at any point (should fix RT#7650)
|
|
|
|
|
|
|
|
|
| |
Add a patch to create /run/user/0 if we're trying to resolve a
DIR: ccache somewhere below it and neither the target location
nor /run/user/0 exist yet.
The better workaround is to set the location's owner to "linger"
via logind, since even after we do what we're doing here, if
the user logs in and logs back out, our location is still removed.
|
|
|
|
|
| |
- don't forget to set the SELinux label when creating the directory for
a DIR: ccache
|