summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* - kadmind: add modified upstream patch to fix free() on an invalid pointer ↵krb5-1.7.1-19.fc13Nalin Dahyabhai2011-04-131-1/+7
| | | | (MITKRB5-SA-2011-004, CVE-2011-0285)
* - whitespace fixups for 1.7 to remove fuzzNalin Dahyabhai2011-04-131-2/+5
|
* http://web.mit.edu/kerberos/advisories/2011-004-patch-r18.txtNalin Dahyabhai2011-04-131-0/+35
|
* - backport change from SVN to fix a computed-value-not-used warning inNalin Dahyabhai2011-03-182-0/+19
| | | | kpropd (#684065)
* - add revised upstream patch to fix double-free in KDC while returningkrb5-1.7.1-18.fc13Nalin Dahyabhai2011-03-152-1/+22
| | | | typed-data with errors (CVE-2011-0284, #674325)
* - add upstream patches to fix standalone kpropd exiting if the per-clientkrb5-1.7.1-17.fc13Nalin Dahyabhai2011-02-083-1/+145
| | | | | | child process exits with an error (MITKRB5-SA-2011-001), and a hang or crash in the KDC when using the LDAP kdb backend (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009, CVE-2011-0281, #668719, CVE-2011-0282, #668726)
* switch to the final patchNalin Dahyabhai2010-11-302-41/+41
|
* fixup whitespace so that it'll apply cleanlyNalin Dahyabhai2010-11-301-78/+77
|
* add upstream patch to fix various issues from MITKRB5-SA-2010-007Nalin Dahyabhai2010-11-302-1/+201
|
* - make -libs actually own /usr/kerberos, because it may be the only reasonkrb5-1.7.1-15.fc13Nalin Dahyabhai2010-09-231-1/+6
| | | | that directory exists, due to owning /usr/kerberos/share (#636746)
* Revert "- use the "pathmunge" function to add %%{krb5prefix}/bin to $PATH ↵krb5-1.7.1-14.fc13Nalin Dahyabhai2010-09-132-3/+11
| | | | | | | | | | rather" This reverts commit 2df01ea9912f966d828fc6503cfaf9954feeb4c4. Conflicts: krb5.spec
* - adjust the last patch to apply properly to 1.7.1krb5-1.7.1-13.fc13Nalin Dahyabhai2010-08-253-30/+33
|
* - fix a logic bug in computing key expiration times (RT#6762, #627022)krb5-1.7.1-12.fc13Nalin Dahyabhai2010-08-242-1/+34
|
* dist-git conversionFedora Release Engineering2010-07-283-22/+0
|
* - pull up fix for upstream #6745, in which the gssapi library would add theNalin Dahyabhai2010-06-212-0/+18
| | | | wrong error table but subsequently attempt to unload the right one
* - use the "pathmunge" function to add %%{krb5prefix}/bin to $PATH ratherNalin Dahyabhai2010-06-092-7/+7
| | | | than doing it the harder way ourselves (part of #544652)
* - ksu: move session management calls to before we drop privileges, like suNalin Dahyabhai2010-05-272-31/+62
| | | | | does (#596887), and don't skip the PAM account check for root or the same user (more of #540769)
* - add patch to correct GSSAPI library null pointer dereference which couldkrb5-1_7_1-10_fc13Nalin Dahyabhai2010-05-182-1/+23
| | | | be triggered by malformed client requests (CVE-2010-1321, #582466)
* - fix output of kprop's init script's "status" and "reload" commandskrb5-1_7_1-9_fc13Nalin Dahyabhai2010-05-042-4/+11
| | | | (#588222)
* - update the bug IDsNalin Dahyabhai2010-04-201-1/+1
|
* - incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922)krb5-1_7_1-8_fc13Nalin Dahyabhai2010-04-202-1/+26
|
* - drop patch to suppress key expiration warnings sent from the KDC in theNalin Dahyabhai2010-04-082-22/+5
| | | | | last-req field, as the KDC is expected to just be configured to either send them or not as a particular key approaches expiration (#556495)
* - note why we're going to drop this patchNalin Dahyabhai2010-04-081-1/+4
|
* - add bug numbers for the fix for CVE-2010-0628Nalin Dahyabhai2010-03-231-1/+1
|
* - add fix for denial-of-service in SPNEGO (CVE-2010-0628)krb5-1_7_1-7_fc13Nalin Dahyabhai2010-03-232-1/+82
|
* bump the release numberkrb5-1_7_1-6_fc13Nalin Dahyabhai2010-03-081-2/+2
|
* - pull up patch to get the client libraries to correctly perform passwordNalin Dahyabhai2010-03-082-0/+81
| | | | changes over IPv6 (Sumit Bose, RT#6661)
* - fix a null pointer dereference and crash introduced in our PAM patch thatkrb5-1_7_1-5_fc13Nalin Dahyabhai2010-03-032-4/+10
| | | | | | would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472)
* - fix a regression (not labeling a kdb database lock file correctly,krb5-1_7_1-4_fc13Nalin Dahyabhai2010-03-022-1/+22
| | | | #569902)
* - pull up the change to make kpasswd's behavior better match the docs whenNalin Dahyabhai2010-02-182-1/+39
| | | | there's no ccache (#563431)
* Initialize branch F-13 for krb5Jesse Keating2010-02-171-0/+1
|
* - forwardable=yes -> forwardable=true, which should mean the same thing,F-13-startNalin Dahyabhai2010-02-161-3/+3
| | | | | | | but matches the man page better - take port numbers off of the server names; i'm assuming that it's rare for them to need specifying because i assume the defaults are used more often than not
* - whoops, that's the wrong filename for the patchNalin Dahyabhai2010-02-161-1/+1
|
* - upstream patch to correct a denial-of-service in KDCs in 1.7 and laterNalin Dahyabhai2010-02-161-0/+42
|
* - apply patch from upstream to fix KDC denial of service (CVE-2010-0283,Nalin Dahyabhai2010-02-161-1/+7
| | | | #566002)
* - update to 1.7.1Nalin Dahyabhai2010-02-037-511/+30
| | | | | | | | | | | - don't trip AD lockout on wrong password (#542687, #554351) - incorporates fixes for CVE-2009-4212 and CVE-2009-3295 - fixes gss_krb5_copy_ccache() when SPNEGO is used - move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to the devel subpackage, better lining up with the expected krb5/krb5-appl split in 1.8 - drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it already depends on -workstation which also includes them
* - tighten up default permissions on kdc.conf and kadm5.acl (#558343)Nalin Dahyabhai2010-01-251-3/+6
|
* - use portreserve correctly -- portrelease takes the basename of the fileNalin Dahyabhai2010-01-225-7/+17
| | | | whose entries should be released, so we need three files, not one
* - suppress warnings of impending password expiration if expiration is moreNalin Dahyabhai2010-01-181-2/+10
| | | | | | | than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495) - link with libtinfo rather than libncurses, when we can, in future RHEL
* - suppress warnings of impending password expiration if expiration is moreNalin Dahyabhai2010-01-181-0/+17
| | | | | | than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495)
* - krb5_get_init_creds_password: check opte->flags instead of options->flagsNalin Dahyabhai2010-01-152-1/+21
| | | | | when checking whether or not we get to use the prompter callback (#555875)
* - use portreserve to make sure the KDC can always bind to the kerberos-ivNalin Dahyabhai2010-01-145-2/+26
| | | | | | port, kpropd can always bind to the krb5_prop port, and that kadmind can always bind to the kerberos-adm port (#555279) - correct inadvertent use of macros in the changelog (rpmlint)
* - fix the description of the problemNalin Dahyabhai2010-01-121-1/+1
|
* - add upstream patches for KDC crash during AES and RC4 decryptionNalin Dahyabhai2010-01-122-1/+384
| | | | (CVE-2009-4212), via Tom Yu (#545015)
* - back down to the earlier version of the patch for #551764; the backportedNalin Dahyabhai2010-01-062-43/+110
| | | | alternate version was incomplete
* - put the conditional back for the -devel subpackageNalin Dahyabhai2010-01-061-2/+5
|
* - revise this to look more like what's been done in upstream trunkNalin Dahyabhai2010-01-051-108/+43
|
* - pull up proposed patch for creating previously-not-there lock files forNalin Dahyabhai2010-01-052-0/+119
| | | | kdb databases when 'kdb5_util' is called to 'load' (#551764)
* - use %%global instead of %%defineNalin Dahyabhai2010-01-051-7/+13
| | | | - fix conditional for future RHEL
* - add tracking bug ID for the latest security patchNalin Dahyabhai2010-01-041-1/+1
|
generated by cgit (git 2.34.1) at 2024-06-02 04:03:42 +0000