Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add HTTPS patches from masterkrb5-1.12.2-6.fc21 | Nalin Dahyabhai | 2014-09-05 | 19 | -8/+7441 |
| | | | | | | | | | | Pull in a stack of patches to add support for accessing servers via HTTPS proxies, such as python-kdcproxy or the KDC Proxy Service on a properly-outfitted Windows box. Pull in the patch to move the logic out of libkrb5 proper and into a loadable plugin to avoid linking our local applications against our libkrb5 against libssl against the installed copy of libgssapi_krb5 and our local libkrb5support. Adjust a couple of other patches to apply correctly after them. | ||||
* | Backport skipping kpasswd reply address checks | Nalin Dahyabhai | 2014-09-05 | 2 | -1/+66 |
| | | | | | | | | - backport patch to make the client skip checking the server's reply address when processing responses to password-change requests, which between NAT and upcoming HTTPS support, can cause us to erroneously report an error to the user when the server actually reported success (RT #7886) | ||||
* | Define _GNU_SOURCE to get EAI_NODATA and EAI_ADDRFAMILY | Nalin Dahyabhai | 2014-08-28 | 2 | -0/+57 |
| | | | | | - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730,#1084068,#1109102) | ||||
* | Add fix for using compatible enctypes with loose name checking | Nalin Dahyabhai | 2014-08-28 | 2 | -1/+63 |
| | | | | | - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1078888) | ||||
* | Remove the -S flag from kprop.servicekrb5-1.12.2-4.fc21 | Nalin Dahyabhai | 2014-08-28 | 2 | -2/+6 |
| | | | | | - kpropd hasn't bothered with -S since 1.11; stop trying to use that flag in the systemd unit file | ||||
* | Drop obsolete patchkrb5-1.12.2-3.fc21 | Nalin Dahyabhai | 2014-08-22 | 2 | -105/+0 |
| | |||||
* | Merge changes from master into f21 | Nalin Dahyabhai | 2014-08-22 | 27 | -2379/+1637 |
|\ | | | | | | | Update to 1.12.2. | ||||
| * | Pull in upstream fix for an mischecked strdup()krb5-1.12.2-3.fc22 | Nalin Dahyabhai | 2014-08-20 | 2 | -1/+30 |
| | | | | | | | | | | - pull in upstream fix for an incorrect check on the value returned by a strdup() call (#1132062) | ||||
| * | - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild | Peter Robinson | 2014-08-17 | 1 | -1/+4 |
| | | |||||
| * | Upload 1.12.2 sourceskrb5-1.12.2-1.fc22 | Nalin Dahyabhai | 2014-08-15 | 2 | -3/+6 |
| | | |||||
| * | drop patch for CVE-2014-4345, included in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 3 | -17/+1 |
| | | |||||
| * | drop patch for CVE-2014-4344, included in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -46/+1 |
| | | |||||
| * | drop patch for CVE-2014-4343, included in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -63/+1 |
| | | |||||
| * | drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 3 | -714/+1 |
| | | |||||
| * | drop patch for RT#7926, fixed in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -38/+1 |
| | | |||||
| * | drop patch for RT#7924, fixed in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -151/+1 |
| | | |||||
| * | drop patch for RT#7858, fixed in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -168/+1 |
| | | |||||
| * | Update for 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 1 | -5/+6 |
| | | |||||
| * | drop patch for RT#7836, fixed in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -45/+1 |
| | | |||||
| * | drop patch for RT#7818, fixed in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -29/+2 |
| | | |||||
| * | Drop patch for #231147, fixed in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -16/+1 |
| | | |||||
| * | drop patch for RT#7820, merged in 1.12.2 | Nalin Dahyabhai | 2014-08-15 | 2 | -115/+6 |
| | | |||||
| * | Update collection cache patch set for ksu | Nalin Dahyabhai | 2014-08-15 | 14 | -1090/+1578 |
| | | | | | | | | | | - replace older proposed changes for ksu with backports of the changes after review and merging upstream (#1015559, #1026099, #1118347) | ||||
| * | fix MITKRB5-SA-2014-001 (CVE-2014-4345)krb5-1.12.1-14.fc22 | Nalin Dahyabhai | 2014-08-07 | 3 | -1/+21 |
| | | | | | | | | - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345) | ||||
| * | Add patch for CVE-2014-4344krb5-1.12.1-13.fc22 | Nalin Dahyabhai | 2014-07-21 | 2 | -1/+51 |
| | | | | | | | | | | - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344) | ||||
| * | Update to upstream patch | Nalin Dahyabhai | 2014-07-21 | 2 | -37/+49 |
| | | | | | | | | | | Update to the as-committed version of this patch, which affects the comments it includes. | ||||
| * | Add proposed fix for a double-free in gss clientskrb5-1.12.1-12.fc22 | Nalin Dahyabhai | 2014-07-16 | 2 | -1/+56 |
| | | | | | | | | | | - gssapi: pull in proposed fix for a double free in initiators (David Woodhouse, #1117963) | ||||
| * | fix license handling | Tom Callaway | 2014-07-12 | 1 | -2/+7 |
| | | |||||
* | | - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild | Peter Robinson | 2014-08-17 | 1 | -1/+4 |
| | | |||||
* | | fix MITKRB5-SA-2014-001 (CVE-2014-4345)krb5-1.12.1-14.fc21 | Nalin Dahyabhai | 2014-08-07 | 3 | -1/+21 |
| | | | | | | | | - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345) | ||||
* | | Update to upstream patchkrb5-1.12.1-13.fc21 | Nalin Dahyabhai | 2014-07-21 | 2 | -37/+49 |
| | | | | | | | | | | Update to the as-committed version of this patch, which affects the comments it includes. | ||||
* | | Add patch for CVE-2014-4344 | Nalin Dahyabhai | 2014-07-21 | 2 | -1/+51 |
| | | | | | | | | | | - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344) | ||||
* | | Add proposed fix for a double-free in gss clientskrb5-1.12.1-12.fc21 | Nalin Dahyabhai | 2014-07-16 | 2 | -1/+56 |
| | | | | | | | | | | - gssapi: pull in proposed fix for a double free in initiators (David Woodhouse, #1117963) | ||||
* | | fix license handling | Tom Callaway | 2014-07-12 | 1 | -2/+7 |
|/ | |||||
* | Pull in fix for CVE-2014-4341/CVE-2014-4342krb5-1.12.1-10.fc21 | Nalin Dahyabhai | 2014-07-07 | 3 | -1/+719 |
| | | | | | - pull in fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1116181) | ||||
* | Backport support for scanning /etc/gss/mech.d/*.confkrb5-1.12.1-9.fc21 | Nalin Dahyabhai | 2014-06-24 | 2 | -2/+326 |
| | | | | | - pull in changes from upstream which add processing of the contents of /etc/gss/mech.d/*.conf when loading GSS modules (#1102839) | ||||
* | Fix FTBFS #1107061 using a patch from upstreamkrb5-1.12.1-8.fc21 | Nalin Dahyabhai | 2014-06-12 | 2 | -1/+155 |
| | | | | - pull in fix for building against tcl 8.6 (#1107061) | ||||
* | Add a buildrequires: on texlive-pdftex | Nalin Dahyabhai | 2014-06-12 | 1 | -1/+1 |
| | | | | | | We were having trouble building the PDFs due to a missing pdfcolor.tex after the latest update to python-sphinx, but an even newer texlive-pdftex provides that, so add it as a BuildRequires: | ||||
* | - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild | Dennis Gilmore | 2014-06-07 | 1 | -1/+4 |
| | |||||
* | Backport fix for change password requests when using FAST (RT#7868) | Nathaniel McCallum | 2014-03-04 | 2 | -1/+183 |
| | |||||
* | Backport fix for RT#7858krb5-1.12.1-5.fc21 | Nalin Dahyabhai | 2014-02-17 | 2 | -2/+176 |
| | | | | | | | - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1066000, RT#7858) | ||||
* | Note that "runstatedir" changes are also #1040056 | Nalin Dahyabhai | 2014-02-10 | 1 | -1/+2 |
| | |||||
* | Move the default directory for OTP sockets to /var/run/krb5kdckrb5-1.12.1-4.fc21 | Nalin Dahyabhai | 2014-02-07 | 3 | -1/+231 |
| | | | | | | | | | | | - pull in patch from master to move the default directory which the KDC uses when computing the socket path for a local OTP daemon from the database directory (/var/kerberos/krb5kdc) to the newly-added run directory (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859) - add a tmpfiles.d configuration file to have /run/krb5kdc created at boot-time - own /var/run/krb5kdc | ||||
* | Add those proposed patcheskrb5-1.12.1-3.fc21 | Nalin Dahyabhai | 2014-02-05 | 6 | -0/+1088 |
| | | | | ... as referenced by 9b18d26ce3864e6d502b76e1151f1dfc92569650 | ||||
* | Pull from the right wrapper branches | Nalin Dahyabhai | 2014-02-04 | 2 | -4/+4 |
| | | | | ... and add our local patch to fix the bind-then-connect case. | ||||
* | refresh nss_wrapper, add socket_wrapper | Nalin Dahyabhai | 2014-01-31 | 2 | -7/+18 |
| | |||||
* | Take x bit off of an html doc file, fix whitespace | Nalin Dahyabhai | 2014-01-31 | 1 | -6/+6 |
| | |||||
* | Add proposed ksu KEYRING+default_ccache_name patch | Nalin Dahyabhai | 2014-01-31 | 2 | -11/+29 |
| | | | | | - add currently-proposed changes to teach ksu about credential cache collections and the default_ccache_name setting (#1015559,#1026099) | ||||
* | Backport changes to allow "rcache" credstoreskrb5-1.12.1-2.fc21 | Nalin Dahyabhai | 2014-01-21 | 7 | -1/+457 |
| | | | | | | - pull in multiple changes to allow replay caches to be added to a GSS credential store as "rcache"-type credentials (RT#7818/#7819/#7836, #1056078/#1056080) | ||||
* | Pull this patch from master, instead | Nalin Dahyabhai | 2014-01-17 | 1 | -1/+1 |
| |