Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | - kadmind: add modified upstream patch to fix free() on an invalid pointer ↵krb5-1.7.1-19.fc13 | Nalin Dahyabhai | 2011-04-13 | 1 | -1/+7 |
| | | | | (MITKRB5-SA-2011-004, CVE-2011-0285) | ||||
* | - whitespace fixups for 1.7 to remove fuzz | Nalin Dahyabhai | 2011-04-13 | 1 | -2/+5 |
| | |||||
* | http://web.mit.edu/kerberos/advisories/2011-004-patch-r18.txt | Nalin Dahyabhai | 2011-04-13 | 1 | -0/+35 |
| | |||||
* | - backport change from SVN to fix a computed-value-not-used warning in | Nalin Dahyabhai | 2011-03-18 | 2 | -0/+19 |
| | | | | kpropd (#684065) | ||||
* | - add revised upstream patch to fix double-free in KDC while returningkrb5-1.7.1-18.fc13 | Nalin Dahyabhai | 2011-03-15 | 2 | -1/+22 |
| | | | | typed-data with errors (CVE-2011-0284, #674325) | ||||
* | - add upstream patches to fix standalone kpropd exiting if the per-clientkrb5-1.7.1-17.fc13 | Nalin Dahyabhai | 2011-02-08 | 3 | -1/+145 |
| | | | | | | child process exits with an error (MITKRB5-SA-2011-001), and a hang or crash in the KDC when using the LDAP kdb backend (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009, CVE-2011-0281, #668719, CVE-2011-0282, #668726) | ||||
* | switch to the final patch | Nalin Dahyabhai | 2010-11-30 | 2 | -41/+41 |
| | |||||
* | fixup whitespace so that it'll apply cleanly | Nalin Dahyabhai | 2010-11-30 | 1 | -78/+77 |
| | |||||
* | add upstream patch to fix various issues from MITKRB5-SA-2010-007 | Nalin Dahyabhai | 2010-11-30 | 2 | -1/+201 |
| | |||||
* | - make -libs actually own /usr/kerberos, because it may be the only reasonkrb5-1.7.1-15.fc13 | Nalin Dahyabhai | 2010-09-23 | 1 | -1/+6 |
| | | | | that directory exists, due to owning /usr/kerberos/share (#636746) | ||||
* | Revert "- use the "pathmunge" function to add %%{krb5prefix}/bin to $PATH ↵krb5-1.7.1-14.fc13 | Nalin Dahyabhai | 2010-09-13 | 2 | -3/+11 |
| | | | | | | | | | | rather" This reverts commit 2df01ea9912f966d828fc6503cfaf9954feeb4c4. Conflicts: krb5.spec | ||||
* | - adjust the last patch to apply properly to 1.7.1krb5-1.7.1-13.fc13 | Nalin Dahyabhai | 2010-08-25 | 3 | -30/+33 |
| | |||||
* | - fix a logic bug in computing key expiration times (RT#6762, #627022)krb5-1.7.1-12.fc13 | Nalin Dahyabhai | 2010-08-24 | 2 | -1/+34 |
| | |||||
* | dist-git conversion | Fedora Release Engineering | 2010-07-28 | 3 | -22/+0 |
| | |||||
* | - pull up fix for upstream #6745, in which the gssapi library would add the | Nalin Dahyabhai | 2010-06-21 | 2 | -0/+18 |
| | | | | wrong error table but subsequently attempt to unload the right one | ||||
* | - use the "pathmunge" function to add %%{krb5prefix}/bin to $PATH rather | Nalin Dahyabhai | 2010-06-09 | 2 | -7/+7 |
| | | | | than doing it the harder way ourselves (part of #544652) | ||||
* | - ksu: move session management calls to before we drop privileges, like su | Nalin Dahyabhai | 2010-05-27 | 2 | -31/+62 |
| | | | | | does (#596887), and don't skip the PAM account check for root or the same user (more of #540769) | ||||
* | - add patch to correct GSSAPI library null pointer dereference which couldkrb5-1_7_1-10_fc13 | Nalin Dahyabhai | 2010-05-18 | 2 | -1/+23 |
| | | | | be triggered by malformed client requests (CVE-2010-1321, #582466) | ||||
* | - fix output of kprop's init script's "status" and "reload" commandskrb5-1_7_1-9_fc13 | Nalin Dahyabhai | 2010-05-04 | 2 | -4/+11 |
| | | | | (#588222) | ||||
* | - update the bug IDs | Nalin Dahyabhai | 2010-04-20 | 1 | -1/+1 |
| | |||||
* | - incorporate patch to fix double-free in the KDC (CVE-2010-1320, #581922)krb5-1_7_1-8_fc13 | Nalin Dahyabhai | 2010-04-20 | 2 | -1/+26 |
| | |||||
* | - drop patch to suppress key expiration warnings sent from the KDC in the | Nalin Dahyabhai | 2010-04-08 | 2 | -22/+5 |
| | | | | | last-req field, as the KDC is expected to just be configured to either send them or not as a particular key approaches expiration (#556495) | ||||
* | - note why we're going to drop this patch | Nalin Dahyabhai | 2010-04-08 | 1 | -1/+4 |
| | |||||
* | - add bug numbers for the fix for CVE-2010-0628 | Nalin Dahyabhai | 2010-03-23 | 1 | -1/+1 |
| | |||||
* | - add fix for denial-of-service in SPNEGO (CVE-2010-0628)krb5-1_7_1-7_fc13 | Nalin Dahyabhai | 2010-03-23 | 2 | -1/+82 |
| | |||||
* | bump the release numberkrb5-1_7_1-6_fc13 | Nalin Dahyabhai | 2010-03-08 | 1 | -2/+2 |
| | |||||
* | - pull up patch to get the client libraries to correctly perform password | Nalin Dahyabhai | 2010-03-08 | 2 | -0/+81 |
| | | | | changes over IPv6 (Sumit Bose, RT#6661) | ||||
* | - fix a null pointer dereference and crash introduced in our PAM patch thatkrb5-1_7_1-5_fc13 | Nalin Dahyabhai | 2010-03-03 | 2 | -4/+10 |
| | | | | | | would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472) | ||||
* | - fix a regression (not labeling a kdb database lock file correctly,krb5-1_7_1-4_fc13 | Nalin Dahyabhai | 2010-03-02 | 2 | -1/+22 |
| | | | | #569902) | ||||
* | - pull up the change to make kpasswd's behavior better match the docs when | Nalin Dahyabhai | 2010-02-18 | 2 | -1/+39 |
| | | | | there's no ccache (#563431) | ||||
* | Initialize branch F-13 for krb5 | Jesse Keating | 2010-02-17 | 1 | -0/+1 |
| | |||||
* | - forwardable=yes -> forwardable=true, which should mean the same thing,F-13-start | Nalin Dahyabhai | 2010-02-16 | 1 | -3/+3 |
| | | | | | | | but matches the man page better - take port numbers off of the server names; i'm assuming that it's rare for them to need specifying because i assume the defaults are used more often than not | ||||
* | - whoops, that's the wrong filename for the patch | Nalin Dahyabhai | 2010-02-16 | 1 | -1/+1 |
| | |||||
* | - upstream patch to correct a denial-of-service in KDCs in 1.7 and later | Nalin Dahyabhai | 2010-02-16 | 1 | -0/+42 |
| | |||||
* | - apply patch from upstream to fix KDC denial of service (CVE-2010-0283, | Nalin Dahyabhai | 2010-02-16 | 1 | -1/+7 |
| | | | | #566002) | ||||
* | - update to 1.7.1 | Nalin Dahyabhai | 2010-02-03 | 7 | -511/+30 |
| | | | | | | | | | | | - don't trip AD lockout on wrong password (#542687, #554351) - incorporates fixes for CVE-2009-4212 and CVE-2009-3295 - fixes gss_krb5_copy_ccache() when SPNEGO is used - move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to the devel subpackage, better lining up with the expected krb5/krb5-appl split in 1.8 - drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it already depends on -workstation which also includes them | ||||
* | - tighten up default permissions on kdc.conf and kadm5.acl (#558343) | Nalin Dahyabhai | 2010-01-25 | 1 | -3/+6 |
| | |||||
* | - use portreserve correctly -- portrelease takes the basename of the file | Nalin Dahyabhai | 2010-01-22 | 5 | -7/+17 |
| | | | | whose entries should be released, so we need three files, not one | ||||
* | - suppress warnings of impending password expiration if expiration is more | Nalin Dahyabhai | 2010-01-18 | 1 | -2/+10 |
| | | | | | | | than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495) - link with libtinfo rather than libncurses, when we can, in future RHEL | ||||
* | - suppress warnings of impending password expiration if expiration is more | Nalin Dahyabhai | 2010-01-18 | 1 | -0/+17 |
| | | | | | | than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495) | ||||
* | - krb5_get_init_creds_password: check opte->flags instead of options->flags | Nalin Dahyabhai | 2010-01-15 | 2 | -1/+21 |
| | | | | | when checking whether or not we get to use the prompter callback (#555875) | ||||
* | - use portreserve to make sure the KDC can always bind to the kerberos-iv | Nalin Dahyabhai | 2010-01-14 | 5 | -2/+26 |
| | | | | | | port, kpropd can always bind to the krb5_prop port, and that kadmind can always bind to the kerberos-adm port (#555279) - correct inadvertent use of macros in the changelog (rpmlint) | ||||
* | - fix the description of the problem | Nalin Dahyabhai | 2010-01-12 | 1 | -1/+1 |
| | |||||
* | - add upstream patches for KDC crash during AES and RC4 decryption | Nalin Dahyabhai | 2010-01-12 | 2 | -1/+384 |
| | | | | (CVE-2009-4212), via Tom Yu (#545015) | ||||
* | - back down to the earlier version of the patch for #551764; the backported | Nalin Dahyabhai | 2010-01-06 | 2 | -43/+110 |
| | | | | alternate version was incomplete | ||||
* | - put the conditional back for the -devel subpackage | Nalin Dahyabhai | 2010-01-06 | 1 | -2/+5 |
| | |||||
* | - revise this to look more like what's been done in upstream trunk | Nalin Dahyabhai | 2010-01-05 | 1 | -108/+43 |
| | |||||
* | - pull up proposed patch for creating previously-not-there lock files for | Nalin Dahyabhai | 2010-01-05 | 2 | -0/+119 |
| | | | | kdb databases when 'kdb5_util' is called to 'load' (#551764) | ||||
* | - use %%global instead of %%define | Nalin Dahyabhai | 2010-01-05 | 1 | -7/+13 |
| | | | | - fix conditional for future RHEL | ||||
* | - add tracking bug ID for the latest security patch | Nalin Dahyabhai | 2010-01-04 | 1 | -1/+1 |
| |