summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* - add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointerkrb5-1_6_3-10_fc9Nalin Dahyabhai2008-03-185-1/+459
| | | | | | | | | | | when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063, #432620, #432621) - add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when high-numbered descriptors are used (CVE-2008-0947, #433596) - add backport bug fix for an attempt to free non-heap memory in libgssapi_krb5 (CVE-2007-5901, #415321) - add backport bug fix for a double-free in out-of-memory situations in libgssapi_krb5 (CVE-2007-5971, #415351)
* - remove a couple of hunks where on third look we don't need to be usingNalin Dahyabhai2008-03-181-24/+0
| | | | | WRITABLEFOPEN instead of fopen, because the mode doesn't include writing
* - rework file labeling patch to not depend on fragile preprocessorkrb5-1_6_3-9_fc9Nalin Dahyabhai2008-03-183-882/+849
| | | | trickery, in another attempt at fixing #428355 and friends
* bump release number for rebuildkrb5-1_6_3-8_fc9Nalin Dahyabhai2008-02-261-2/+2
|
* - ftp: add patch to fix "runique on" case when globbing fixes appliedNalin Dahyabhai2008-02-263-21/+20
| | | | | - stop adding a redundant but harmless call to initialize the gssapi internals
* - add the bug ID, close the bugNalin Dahyabhai2008-02-251-1/+1
|
* - add patch to suppress double-processing of /etc/krb5.conf when we buildNalin Dahyabhai2008-02-253-30/+24
| | | | with --sysconfdir=/etc, thereby suppressing double-logging (#231147)
* - remove a patch to fix problems with interfaces which are "up" but whichNalin Dahyabhai2008-02-252-35/+5
| | | | | have no address assigned which conflicted with a change to fix the same problem in 1.5 (#200979)
* - ftp: don't lose track of a descriptor on passive get when the serverNalin Dahyabhai2008-02-252-0/+73
| | | | fails to open a file
* - in login, allow PAM to interact with the user when they've been stronglyNalin Dahyabhai2008-02-252-3/+10
| | | | | | | authenticated - in login, signal PAM when we're changing an expired password that it's an expired password, so that when cracklib flags a password as being weak it's treated as an error even if we're running as root
* comment: Treat 'nsAccountLock: true' the same as 'loginDisabled: true'.Nalin Dahyabhai2008-02-251-0/+2
| | | | RT#5891
* - drop netdb patchNalin Dahyabhai2008-02-182-10/+83
| | | | | | - kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
* - the constants are now provided even without __USE_GNU, so no need forNalin Dahyabhai2008-02-181-242/+0
| | | | this
* - avoid depending on <netdb.h> to define NI_MAXHOST and NI_MAXSERV for uskrb5-1_6_3-6_fc9Nalin Dahyabhai2008-02-132-1/+248
|
* - wow, fix a syntax errorNalin Dahyabhai2008-02-121-1/+1
|
* - a second approach proposed in RTkrb5-1_6_3-5_fc9Nalin Dahyabhai2008-02-121-0/+233
|
* - enable patch for key-expiration reportingNalin Dahyabhai2008-02-121-5/+12
| | | | | | | - enable patch to make kpasswd fall back to TCP if UDP fails - enable patch to make kpasswd use the right sequence number on retransmit - enable patch to allow mech-specific creds delegated under spnego to be found when searching for creds
* - note RT numbers for referenceNalin Dahyabhai2008-01-234-2/+6
| | | | | - include but don't apply the other suggested patch for kpasswd-doesn't-use-tcp
* - revise to reference a different patch which we also don't applyNalin Dahyabhai2008-01-032-168/+1
|
* - less invasive approach to letting kpasswd hit tcp-only serversNalin Dahyabhai2008-01-031-0/+34
|
* - reference unapplied patch to fix password-changing with servers otherNalin Dahyabhai2008-01-032-2/+53
| | | | | than the first one we try to contact - reference bug 242502 (rawhide) instead of 242500 (rhel)
* - bump the releasekrb5-1_6_3-4_fc9Nalin Dahyabhai2008-01-021-1/+1
|
* - right, new yearkrb5-1_6_3-3_fc9Nalin Dahyabhai2008-01-021-1/+1
|
* - some init script cleanupsNalin Dahyabhai2008-01-025-24/+26
| | | | | | | - drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500) - krb524: don't barf on missing database if it looks like we're using kldap, same as for kadmin - return non-zero status for missing files which cause startup to fail
* - allocate space for the nul-terminator in the local pathname when lookingNalin Dahyabhai2007-12-182-6/+10
| | | | | up a file context, and properly free a previous context (Jose Plans, #426085)
* rebuildkrb5-1_6_3-2_fc9Nalin Dahyabhai2007-12-051-1/+4
|
* note the CVE for needing the revised patchNalin Dahyabhai2007-11-131-1/+1
|
* add duplicate bug idNalin Dahyabhai2007-11-131-1/+1
|
* note the RT numberNalin Dahyabhai2007-11-091-1/+1
|
* - update to 1.6.3, dropping now-integrated patches for CVE-2007-3999 andkrb5-1_6_3-1_fc9Nalin Dahyabhai2007-10-235-57/+49
| | | | | | CVE-2007-4000 (the new pkinit module is built conditionally and goes into the -pkinit-openssl package, at least for now, to make a buildreq loop with openssl avoidable)
* - make proper use of pam_loginuid and pam_selinux in rshd and ftpdF-8-splitNalin Dahyabhai2007-10-174-3/+20
|
* makefile update to properly grab makefile.commonBill Nottingham2007-10-151-2/+17
|
* - make krb5.conf %%verify(not md5 size mtime) in addition toNalin Dahyabhai2007-10-121-1/+5
| | | | %%config(noreplace), like /etc/nsswitch.conf (#329811)
* - proposed fix for not being able to find delegated krb5 creds when usingNalin Dahyabhai2007-10-042-0/+46
| | | | spnego
* - revert to the version that hit upstream SVNNalin Dahyabhai2007-10-041-1/+1
|
* - reflect the adjustment just submitted to upstream RT #5802Nalin Dahyabhai2007-10-011-1/+1
|
* - proposed patch to fix receipt of delegated creds in mod_auth_kerbkrb5-1_6_2-9_fc8Nalin Dahyabhai2007-10-012-3/+54
|
* - add the bug ID to the kadmind fixes, note Fran's patch was identical toNalin Dahyabhai2007-09-171-1/+1
| | | | the one I thought we were already using in the F-7 branch
* - undef functions that we override before redefining them; ultimately thisNalin Dahyabhai2007-09-171-1/+16
| | | | | will have to be completely reworked to not use preprocessor magic because it's gotten way uglier than originally planned
* - move the db2 kdb plugin from -server to -libs, because a multilib libkdbkrb5-1_6_2-8_fc8Nalin Dahyabhai2007-09-111-3/+7
| | | | might need it
* - don't exit if we have a kldap dbNalin Dahyabhai2007-09-111-1/+1
|
* - also perform PAM session and credential management when ftpd accepts akrb5-1_6_2-7_fc8Nalin Dahyabhai2007-09-111-1/+6
| | | | | client using strong authentication, missed earlier - also label kadmind log files and files created by the db2 plugin
* - also label kadmind log files and files created by the db2 pluginNalin Dahyabhai2007-09-111-20/+20
|
* - ftpd: also do PAM management for clients who use strong authenticationNalin Dahyabhai2007-09-111-5/+22
|
* bye-bye obsolete patchNalin Dahyabhai2007-09-061-19/+0
|
* - incorporate updated fix for CVE-2007-3999krb5-1_6_2-6_fc8Nalin Dahyabhai2007-09-061-0/+30
|
* bump the revisionNalin Dahyabhai2007-09-061-1/+1
|
* - incorporate updated fix for CVE-2007-3999Nalin Dahyabhai2007-09-061-2/+6
|
* - fix incorrect call to test in the kadmin init scriptNalin Dahyabhai2007-09-061-1/+1
|
* - incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)krb5-1_6_2-5_fc8Nalin Dahyabhai2007-09-043-1/+49
|
generated by cgit (git 2.34.1) at 2025-10-01 02:32:30 +0000