Commit message | Author | Age | Files | Lines
...
* Add patch for CVE-2014-4344 [krb5-1.12.1-13.fc22] | Nalin Dahyabhai | 2014-07-21 | 2 | -1/+51
  - gssapi: pull in upstream fix for a possible NULL dereference in spnego (CVE-2014-4344)
* Update to upstream patch | Nalin Dahyabhai | 2014-07-21 | 2 | -37/+49
  Update to the as-committed version of this patch, which affects the comments it includes.
* Add proposed fix for a double-free in gss clients [krb5-1.12.1-12.fc22] | Nalin Dahyabhai | 2014-07-16 | 2 | -1/+56
  - gssapi: pull in proposed fix for a double free in initiators (David Woodhouse, #1117963)
* fix license handling | Tom Callaway | 2014-07-12 | 1 | -2/+7
* Pull in fix for CVE-2014-4341/CVE-2014-4342 [krb5-1.12.1-10.fc21] | Nalin Dahyabhai | 2014-07-07 | 3 | -1/+719
  - pull in fix for denial of service by injection of malformed GSSAPI tokens (CVE-2014-4341, CVE-2014-4342, #1116181)
* Backport support for scanning /etc/gss/mech.d/*.conf [krb5-1.12.1-9.fc21] | Nalin Dahyabhai | 2014-06-24 | 2 | -2/+326
  - pull in changes from upstream which add processing of the contents of /etc/gss/mech.d/*.conf when loading GSS modules (#1102839)
* Fix FTBFS #1107061 using a patch from upstream [krb5-1.12.1-8.fc21] | Nalin Dahyabhai | 2014-06-12 | 2 | -1/+155
  - pull in fix for building against tcl 8.6 (#1107061)
* Add a buildrequires: on texlive-pdftex | Nalin Dahyabhai | 2014-06-12 | 1 | -1/+1
  We were having trouble building the PDFs due to a missing pdfcolor.tex after the latest update to python-sphinx, but an even newer texlive-pdftex provides that, so add it as a BuildRequires:
* - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild | Dennis Gilmore | 2014-06-07 | 1 | -1/+4
* Backport fix for change password requests when using FAST (RT#7868) | Nathaniel McCallum | 2014-03-04 | 2 | -1/+183
* Backport fix for RT#7858 [krb5-1.12.1-5.fc21] | Nalin Dahyabhai | 2014-02-17 | 2 | -2/+176
  - spnego: pull in patch from master to restore preserving the OID of the mechanism the initiator requested when we have multiple OIDs for the same mechanism, so that we reply using the same mechanism OID and the initiator doesn't get confused (#1066000, RT#7858)
* Note that "runstatedir" changes are also #1040056 | Nalin Dahyabhai | 2014-02-10 | 1 | -1/+2
* Move the default directory for OTP sockets to /var/run/krb5kdc [krb5-1.12.1-4.fc21] | Nalin Dahyabhai | 2014-02-07 | 3 | -1/+231
  - pull in patch from master to move the default directory which the KDC uses when computing the socket path for a local OTP daemon from the database directory (/var/kerberos/krb5kdc) to the newly-added run directory (/run/krb5kdc), in line with what we're expecting in 1.13 (RT#7859)
  - add a tmpfiles.d configuration file to have /run/krb5kdc created at boot-time
  - own /var/run/krb5kdc
* Add those proposed patches [krb5-1.12.1-3.fc21] | Nalin Dahyabhai | 2014-02-05 | 6 | -0/+1088
  ... as referenced by 9b18d26ce3864e6d502b76e1151f1dfc92569650
* Pull from the right wrapper branches | Nalin Dahyabhai | 2014-02-04 | 2 | -4/+4
  ... and add our local patch to fix the bind-then-connect case.
* refresh nss_wrapper, add socket_wrapper | Nalin Dahyabhai | 2014-01-31 | 2 | -7/+18
* Take x bit off of an html doc file, fix whitespace | Nalin Dahyabhai | 2014-01-31 | 1 | -6/+6
* Add proposed ksu KEYRING+default_ccache_name patch | Nalin Dahyabhai | 2014-01-31 | 2 | -11/+29
  - add currently-proposed changes to teach ksu about credential cache collections and the default_ccache_name setting (#1015559,#1026099)
* Backport changes to allow "rcache" credstores [krb5-1.12.1-2.fc21] | Nalin Dahyabhai | 2014-01-21 | 7 | -1/+457
  - pull in multiple changes to allow replay caches to be added to a GSS credential store as "rcache"-type credentials (RT#7818/#7819/#7836, #1056078/#1056080)
* Pull this patch from master, instead | Nalin Dahyabhai | 2014-01-17 | 1 | -1/+1
* Finish updating to 1.12.1 [krb5-1.12.1-1.fc21] | Nalin Dahyabhai | 2014-01-17 | 2 | -3/+6
* Backport fixes for timesync with keyring caches | Nalin Dahyabhai | 2014-01-17 | 2 | -0/+114
  add patch to always retrieve the KDC time offsets from keyring caches, so that we don't mistakenly interpret creds as expired before their time when our clock is ahead of the KDC's (RT#7820, #1030607)
* Drop obsolete patches | Nalin Dahyabhai | 2014-01-17 | 3 | -103/+1
* Drop obsolete patch | Nalin Dahyabhai | 2014-01-17 | 2 | -46/+1
* Drop obsolete patch | Nalin Dahyabhai | 2014-01-17 | 2 | -308/+1
* Drop obsolete patch | Nalin Dahyabhai | 2014-01-17 | 2 | -41/+1
* Drop obsolete patch | Nalin Dahyabhai | 2014-01-17 | 2 | -30/+1
* Drop obsolete patch | Nalin Dahyabhai | 2014-01-17 | 2 | -39/+1
* Drop obsolete patch | Nalin Dahyabhai | 2014-01-17 | 2 | -44/+7
* Update the textrel patch for x86 [krb5-1.12-11.fc21] | Nalin Dahyabhai | 2014-01-13 | 2 | -57/+33
  - update the PIC patch for iaesx86.s to not use ELF relocations (RT#7815, #1045699) to the version that landed upstream
* Note why we started saving ebx | Nalin Dahyabhai | 2014-01-09 | 1 | -1/+1
* Link shared libs using -Wl,--warn-shared-textrel | Nalin Dahyabhai | 2014-01-09 | 2 | -1/+5
  - pass -Wl,--warn-shared-textrel to the compiler when we're creating shared libraries
* bump release for a new build [krb5-1.12-10.fc21] | Nalin Dahyabhai | 2014-01-09 | 1 | -2/+2
* Save/restore ebx in functions where we modify it | Nalin Dahyabhai | 2014-01-09 | 2 | -2/+38
  - amend the PIC patch for iaesx86.s to also save/restore ebx in the functions where we modify it
* Try to remove execmod from 32-bit AES-NI k5crypto [krb5-1.12-9.fc21] | Nalin Dahyabhai | 2014-01-06 | 2 | -2/+45
  - make a guess at making the 32-bit AES-NI implementation sufficiently position-independent to not require execmod permissions for libk5crypto (more of #1045699)
* Switch to as-committed version | Nalin Dahyabhai | 2014-01-06 | 2 | -4/+29
  - grab a more-commented version of the most recent patch from upstream master
* Add Dhiru Kholia's patch to restore noexecstack [krb5-1.12-8.fc21] | Nalin Dahyabhai | 2014-01-02 | 2 | -3/+45
  - add patch from Dhiru Kholia for the AES-NI implementations to allow libk5crypto to be properly marked as not needing an executable stack on arches where they're used (#1045699, and so many others)
* Remove the BuildRequires: on yasm for now [krb5-1.12-7.fc21] | Nalin Dahyabhai | 2014-01-02 | 1 | -2/+7
  Go back to not using AES-NI, until we sort out execstack (#1045699).
* Add the buildrequires: for AES-NI support [krb5-1.12-6.fc21] | Nalin Dahyabhai | 2013-12-19 | 1 | -1/+10
  - add yasm as a build requirement for AES-NI support, on arches that have yasm and AES-NI
* Pull in fix to improve SPNEGO error messages [krb5-1.12-5.fc21] | Nalin Dahyabhai | 2013-12-19 | 2 | -1/+51
  - pull in fix from master to make reporting of errors encountered by the SPNEGO mechanism work better (RT#7045, part of #1043962)
* Enable pyrad-based tests | Nalin Dahyabhai | 2013-12-19 | 2 | -14/+25
  - update a test wrapper to properly handle things that the new libkrad does, and add python-pyrad as a build requirement so that we can run its tests
* For completeness, also initialize an unused field [krb5-1.12-4.fc21] | Nalin Dahyabhai | 2013-12-18 | 2 | -4/+11
* Backport fixes for krb5_copy_context [krb5-1.12-3.fc21] | Nalin Dahyabhai | 2013-12-18 | 2 | -1/+308
  - backport fixes to krb5_copy_context (RT#7807, #1044735/#1044739)
* Pull in a fix for a mem leak from master (RT#7805) [krb5-1.12-2.fc21] | Nalin Dahyabhai | 2013-12-18 | 2 | -0/+44
  - pull in fix from master to avoid a memory leak in a couple of error cases which could occur while obtaining acceptor credentials (RT#7805, part of #1043962)
* Pull in a fix for a mem leak from master (RT#7803) | Nalin Dahyabhai | 2013-12-18 | 2 | -0/+32
  - pull in fix from master to avoid a memory leak when a mechanism's init_sec_context function fails (RT#7803, part of #1043962)
* Pick up another interop fix from master (RT#7797) | Nalin Dahyabhai | 2013-12-18 | 2 | -0/+41
  - pull in fix from master to ignore an empty token from an acceptor if we've already finished authenticating (RT#7797, part of #1043962)
* Pick up an interop fix from master (RT#7794) | Nalin Dahyabhai | 2013-12-18 | 2 | -1/+47
  - pull in fix from master to return a NULL pointer rather than allocating zero bytes of memory if we read a zero-length input token (RT#7794, part of #1043962)
* Update to 1.12 final | Nalin Dahyabhai | 2013-12-11 | 3 | -9/+15
* Whoops, grab the beta 2 PDFs [krb5-1.12-0.fc21.beta2.0] | Nalin Dahyabhai | 2013-12-02 | 1 | -1/+1
* Update to 1.12 beta2 | Nalin Dahyabhai | 2013-12-02 | 5 | -450/+16
  - drop obsolete backports for storing KDC time offsets and expiration times in keyring credential caches