summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Add HTTPS patches from masterkrb5-1.12.2-6.fc21Nalin Dahyabhai2014-09-0519-8/+7441
| | | | | | | | | | Pull in a stack of patches to add support for accessing servers via HTTPS proxies, such as python-kdcproxy or the KDC Proxy Service on a properly-outfitted Windows box. Pull in the patch to move the logic out of libkrb5 proper and into a loadable plugin to avoid linking our local applications against our libkrb5 against libssl against the installed copy of libgssapi_krb5 and our local libkrb5support. Adjust a couple of other patches to apply correctly after them.
* Backport skipping kpasswd reply address checksNalin Dahyabhai2014-09-052-1/+66
| | | | | | | | - backport patch to make the client skip checking the server's reply address when processing responses to password-change requests, which between NAT and upcoming HTTPS support, can cause us to erroneously report an error to the user when the server actually reported success (RT #7886)
* Define _GNU_SOURCE to get EAI_NODATA and EAI_ADDRFAMILYNalin Dahyabhai2014-08-282-0/+57
| | | | | - define _GNU_SOURCE in files where we use EAI_NODATA, to make sure that it's declared (#1059730,#1084068,#1109102)
* Add fix for using compatible enctypes with loose name checkingNalin Dahyabhai2014-08-282-1/+63
| | | | | - backport fix for trying all compatible keys when not being strict about acceptor names while reading AP-REQs (RT#7883, #1078888)
* Remove the -S flag from kprop.servicekrb5-1.12.2-4.fc21Nalin Dahyabhai2014-08-282-2/+6
| | | | | - kpropd hasn't bothered with -S since 1.11; stop trying to use that flag in the systemd unit file
* Drop obsolete patchkrb5-1.12.2-3.fc21Nalin Dahyabhai2014-08-222-105/+0
|
* Merge changes from master into f21Nalin Dahyabhai2014-08-2227-2379/+1637
|\ | | | | | | Update to 1.12.2.
| * Pull in upstream fix for an mischecked strdup()krb5-1.12.2-3.fc22Nalin Dahyabhai2014-08-202-1/+30
| | | | | | | | | | - pull in upstream fix for an incorrect check on the value returned by a strdup() call (#1132062)
| * - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildPeter Robinson2014-08-171-1/+4
| |
| * Upload 1.12.2 sourceskrb5-1.12.2-1.fc22Nalin Dahyabhai2014-08-152-3/+6
| |
| * drop patch for CVE-2014-4345, included in 1.12.2Nalin Dahyabhai2014-08-153-17/+1
| |
| * drop patch for CVE-2014-4344, included in 1.12.2Nalin Dahyabhai2014-08-152-46/+1
| |
| * drop patch for CVE-2014-4343, included in 1.12.2Nalin Dahyabhai2014-08-152-63/+1
| |
| * drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2Nalin Dahyabhai2014-08-153-714/+1
| |
| * drop patch for RT#7926, fixed in 1.12.2Nalin Dahyabhai2014-08-152-38/+1
| |
| * drop patch for RT#7924, fixed in 1.12.2Nalin Dahyabhai2014-08-152-151/+1
| |
| * drop patch for RT#7858, fixed in 1.12.2Nalin Dahyabhai2014-08-152-168/+1
| |
| * Update for 1.12.2Nalin Dahyabhai2014-08-151-5/+6
| |
| * drop patch for RT#7836, fixed in 1.12.2Nalin Dahyabhai2014-08-152-45/+1
| |
| * drop patch for RT#7818, fixed in 1.12.2Nalin Dahyabhai2014-08-152-29/+2
| |
| * Drop patch for #231147, fixed in 1.12.2Nalin Dahyabhai2014-08-152-16/+1
| |
| * drop patch for RT#7820, merged in 1.12.2Nalin Dahyabhai2014-08-152-115/+6
| |
| * Update collection cache patch set for ksuNalin Dahyabhai2014-08-1514-1090/+1578
| | | | | | | | | | - replace older proposed changes for ksu with backports of the changes after review and merging upstream (#1015559, #1026099, #1118347)
| * fix MITKRB5-SA-2014-001 (CVE-2014-4345)krb5-1.12.1-14.fc22Nalin Dahyabhai2014-08-073-1/+21
| | | | | | | | - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
| * Add patch for CVE-2014-4344krb5-1.12.1-13.fc22Nalin Dahyabhai2014-07-212-1/+51
| | | | | | | | | | - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344)
| * Update to upstream patchNalin Dahyabhai2014-07-212-37/+49
| | | | | | | | | | Update to the as-committed version of this patch, which affects the comments it includes.
| * Add proposed fix for a double-free in gss clientskrb5-1.12.1-12.fc22Nalin Dahyabhai2014-07-162-1/+56
| | | | | | | | | | - gssapi: pull in proposed fix for a double free in initiators (David Woodhouse, #1117963)
| * fix license handlingTom Callaway2014-07-121-2/+7
| |
* | - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_RebuildPeter Robinson2014-08-171-1/+4
| |
* | fix MITKRB5-SA-2014-001 (CVE-2014-4345)krb5-1.12.1-14.fc21Nalin Dahyabhai2014-08-073-1/+21
| | | | | | | | - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345)
* | Update to upstream patchkrb5-1.12.1-13.fc21Nalin Dahyabhai2014-07-212-37/+49
| | | | | | | | | | Update to the as-committed version of this patch, which affects the comments it includes.
* | Add patch for CVE-2014-4344Nalin Dahyabhai2014-07-212-1/+51
| | | | | | | | | | - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344)
* | Add proposed fix for a double-free in gss clientskrb5-1.12.1-12.fc21Nalin Dahyabhai2014-07-162-1/+56
| | | | | | | | | | - gssapi: pull in proposed fix for a double free in initiators (David Woodhouse, #1117963)
* | fix license handlingTom Callaway2014-07-121-2/+7
|/
* Pull in fix for CVE-2014-4341/CVE-2014-4342krb5-1.12.1-10.fc21Nalin Dahyabhai2014-07-073-1/+719
| | | | | - pull in fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1116181)
* Backport support for scanning /etc/gss/mech.d/*.confkrb5-1.12.1-9.fc21Nalin Dahyabhai2014-06-242-2/+326
| | | | | - pull in changes from upstream which add processing of the contents of /etc/gss/mech.d/*.conf when loading GSS modules (#1102839)
* Fix FTBFS #1107061 using a patch from upstreamkrb5-1.12.1-8.fc21Nalin Dahyabhai2014-06-122-1/+155
| | | | - pull in fix for building against tcl 8.6 (#1107061)
* Add a buildrequires: on texlive-pdftexNalin Dahyabhai2014-06-121-1/+1
| | | | | | We were having trouble building the PDFs due to a missing pdfcolor.tex after the latest update to python-sphinx, but an even newer texlive-pdftex provides that, so add it as a BuildRequires:
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_RebuildDennis Gilmore2014-06-071-1/+4
|
* Backport fix for change password requests when using FAST (RT#7868)Nathaniel McCallum2014-03-042-1/+183
|
* Backport fix for RT#7858krb5-1.12.1-5.fc21Nalin Dahyabhai2014-02-172-2/+176
| | | | | | | - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1066000, RT#7858)
* Note that "runstatedir" changes are also #1040056Nalin Dahyabhai2014-02-101-1/+2
|
* Move the default directory for OTP sockets to /var/run/krb5kdckrb5-1.12.1-4.fc21Nalin Dahyabhai2014-02-073-1/+231
| | | | | | | | | | | - pull in patch from master to move the default directory which the KDC uses when computing the socket path for a local OTP daemon from the database directory (/var/kerberos/krb5kdc) to the newly-added run directory (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859) - add a tmpfiles.d configuration file to have /run/krb5kdc created at boot-time - own /var/run/krb5kdc
* Add those proposed patcheskrb5-1.12.1-3.fc21Nalin Dahyabhai2014-02-056-0/+1088
| | | | ... as referenced by 9b18d26ce3864e6d502b76e1151f1dfc92569650
* Pull from the right wrapper branchesNalin Dahyabhai2014-02-042-4/+4
| | | | ... and add our local patch to fix the bind-then-connect case.
* refresh nss_wrapper, add socket_wrapperNalin Dahyabhai2014-01-312-7/+18
|
* Take x bit off of an html doc file, fix whitespaceNalin Dahyabhai2014-01-311-6/+6
|
* Add proposed ksu KEYRING+default_ccache_name patchNalin Dahyabhai2014-01-312-11/+29
| | | | | - add currently-proposed changes to teach ksu about credential cache collections and the default_ccache_name setting (#1015559,#1026099)
* Backport changes to allow "rcache" credstoreskrb5-1.12.1-2.fc21Nalin Dahyabhai2014-01-217-1/+457
| | | | | | - pull in multiple changes to allow replay caches to be added to a GSS credential store as "rcache"-type credentials (RT#7818/#7819/#7836, #1056078/#1056080)
* Pull this patch from master, insteadNalin Dahyabhai2014-01-171-1/+1
|
generated by cgit (git 2.34.1) at 2024-05-14 06:40:19 +0000