summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* pull up patch for RT#7063 - KDC/client time skewNalin Dahyabhai2012-09-072-0/+65
| | | | | | - pull up patch for RT#7063, in which not noticing a prompt for a long time throws the client library's idea of the time difference between it and the KDC really far out of whack (#773496)
* conflict with broken libsmbclient builds on EL6, so that we don't break themNalin Dahyabhai2012-09-071-0/+9
| | | | | - on EL6, conflict with libsmbclient before 3.5.10-124, which is when it stopped linking with a symbol which we no longer export (#771687)
* cut out an extraneous label configuration reloadkrb5-1.10.3-4.fc19Nalin Dahyabhai2012-09-062-5/+12
| | | | | - cut down the number of times we load SELinux labeling configuration from a minimum of two times to actually one (more of #845125)
* backport patch from RT#7229krb5-1.10.3-3.fc19krb5-1.10.3-3.fc18Nalin Dahyabhai2012-08-303-1/+55
| | | | | - backport patch to disable replay detection in krb5_verify_init_creds() while reading the AP-REQ that's generated in the same function (RT#7229)
* merge and conditionalize some EL6ismskrb5-1.10.3-2.fc19Nalin Dahyabhai2012-08-301-24/+101
| | | | | | | - undo rename from krb5-pkinit-openssl to krb5-pkinit on EL6 - version the Obsoletes: on the krb5-pkinit-openssl to krb5-pkinit rename - reintroduce the init scripts for non-systemd releases - forward-port %%{_?rawbuild} annotations from EL6 packaging
* - update to 1.10.3, rolling in MITKRB5-SA-2012-001Nalin Dahyabhai2012-08-094-69/+12
|
* cache the selabel context between uses (dwalsh)krb5-1.10.2-7.fc18Nalin Dahyabhai2012-08-022-12/+46
| | | | | | - selinux: hang on to the list of selinux contexts, freeing and reloading it only when the file we read it from is modified, freeing it when the shared library is being unloaded (#845125)
* undo file-move fixes on Fedora 17Nalin Dahyabhai2012-08-021-2/+7
| | | | | | - go back to not messing with library file paths on Fedora 17: it breaks file path dependencies in other packages, and since Fedora 17 is already released, breaking that is our fault
* update bug numbers for this updatekrb5-1.10.2-5.fc18Nalin Dahyabhai2012-07-311-1/+1
|
* fixes for MITKRB5-SA-2012-001 and .so symlinksNalin Dahyabhai2012-07-312-4/+85
| | | | | | | | - add upstream patch to fix freeing an uninitialized pointer and dereferencing another uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1014 and CVE-2012-1015, #838012) - fix a thinko in whether or not we mess around with devel .so symlinks on systems without a separate /usr (sbose)
* Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_RebuildDennis Gilmore2012-07-271-1/+4
|
* backport RT#7183krb5-1.10.2-3.fc18Nalin Dahyabhai2012-06-222-1/+48
| | | | | | - backport a fix to allow a PKINIT client to handle SignedData from a KDC that's signed with a certificate that isn't in the SignedData, but which is available as an anchor or intermediate on the client (RT#7183)
* back out the recent labeling change, per dwalshNalin Dahyabhai2012-06-052-13/+12
| | | | | | - back out this labeling change (dwalsh): - when building the new label for a file we're about to create, also mix in the current range, in addition to the current user
* add explicit buildrequires: on 'hostname' and 'net-tools'krb5-1.10.2-1.fc18Nalin Dahyabhai2012-06-011-0/+7
| | | | | | - add explicit buildrequires: on 'hostname', for the tests, on systems where it's in its own package, and require net-tools, which used to provide the command, everywhere
* no-separate-/usr means we don't have to move shlibsNalin Dahyabhai2012-06-011-0/+9
| | | | | - don't shuffle around any shared libraries on releases with no-separate-/usr, since /lib and /usr/lib are the same anyway
* backport a fix for keytabs which don't have keys for all enctypesNalin Dahyabhai2012-06-012-0/+338
| | | | | | | - add a backport of Stef's patch to set the client's list of supported enctypes to match the types of keys that we have when we are using a keytab to try to get initial credentials, so that a KDC won't send us an AS reply that we can't encrypt (RT#2131, #748528)
* update to 1.10.2Nalin Dahyabhai2012-06-016-30/+41
| | | | | | | - when building the new label for a file we're about to create, also mix in the current range, in addition to the current user - also package the PDF format admin, user, and install guides - drop some PDFs that no longer get built right
* - skip the setfscreatecon() if fopen() is passed "rb" as the open mode (part ↵Nalin Dahyabhai2012-05-072-3/+8
| | | | of #819115)
* - have -server require /usr/share/dict/words, which we set as the default ↵Nalin Dahyabhai2012-05-011-1/+7
| | | | dict_file in kdc.conf (#817089)
* - comment out example.com examples in default krb5.conf (Stef Walter, #805320)Nalin Dahyabhai2012-03-202-7/+8
|
* - changelog that last changeNalin Dahyabhai2012-03-201-1/+4
|
* Change back dns_lookup_kdc to the defaultStef Walter2012-03-201-1/+0
| | | | | | | | | | | | | The specifications recommend against using TXT records to mapping hostnames to realms. However they do not recommend against using SRV records to lookup the KDC. Change back to the MIT default of enabling DNS for KDC lookup. This allows automatic configuration and failover. A theoretical attack involving SRV records could be similarly accomplished by a similar attack involving the A records for the KDC hosts.
* update sourceskrb5-1.10.1-1.fc18Nalin Dahyabhai2012-03-092-0/+6
|
* - update to 1.10.1Nalin Dahyabhai2012-03-095-213/+9
| | | | | | - drop the KDC crash fix - drop the KDC lookaside cache fix - drop the fix for kadmind RPC ACLs (CVE-2012-1012)
* - note the RT numberkrb5-1.10-5.fc18krb5-1.10-5.fc17Nalin Dahyabhai2012-03-081-1/+1
|
* - when removing -workstation, remove our files from the info index while the ↵Nalin Dahyabhai2012-03-071-4/+9
| | | | file is still there, in %%preun, rather than %%postun, and use the compressed file's name (#801035)
* Fix string RPC ACLs (RT#7093); CVE-2012-1012Nathaniel McCallum2012-02-212-1/+67
|
* add upstream lookaside cache fix RT#7082Nathaniel McCallum2012-01-312-1/+107
|
* - add patch to accept keytab entries with vno==0 as matches when we're ↵krb5-1.10-2.fc17Nalin Dahyabhai2012-01-302-1/+60
| | | | searching for an entry with a specific name/kvno (#230382/#782211,RT#3349)
* - note the RT numberNalin Dahyabhai2012-01-302-1/+3
|
* - update to 1.10 finalkrb5-1.10-1.fc17Nalin Dahyabhai2012-01-303-9/+15
|
* fix release numberNathaniel McCallum2012-01-261-2/+2
|
* add upstream crashfix patchNathaniel McCallum2012-01-262-1/+43
|
* - note the RT numberNalin Dahyabhai2012-01-231-1/+1
|
* - update to beta 1krb5-1.10-0.fc17.beta1.1Nalin Dahyabhai2012-01-121-2/+0
|
* - update to beta 1Nalin Dahyabhai2012-01-121-5/+8
|
* - update to beta 1Nalin Dahyabhai2012-01-122-0/+4
|
* - add missing changelog itemNalin Dahyabhai2012-01-121-0/+3
|
* mktemp was long obsoleted by coreutilsPeter Robinson2012-01-111-2/+2
|
* - modify the deltat grammar to also tell gcc (4.7) to suppress ↵krb5-1.10-0.fc17.alpha2.2Nalin Dahyabhai2012-01-042-1/+21
| | | | "maybe-uninitialized" warnings in addition to the "uninitialized" warnings it's already being told to suppress
* - update to alpha 2krb5-1.10-0.fc17.alpha2.1Nalin Dahyabhai2011-12-203-14/+13
| | | | - drop a couple of patches which were integrated for alpha 2
* - don't need this any moreNalin Dahyabhai2011-12-201-59/+0
|
* - don't need this any moreNalin Dahyabhai2011-12-201-40/+0
|
* - pull in patch for RT#7048: allow PAC verification to only bother trying tokrb5-1.10-0.fc17.alpha1.3Nalin Dahyabhai2011-12-132-2/+87
| | | | verify the signature with keys that it's given (still more of #761317)
* - pull in patch for RT#7047: allow tickets obtained via S4U2Proxy to be cachedNalin Dahyabhai2011-12-132-0/+32
| | | | (more of #761317)
* - pull in patch for RT#7046: tag a ccache containing credentials obtained viaNalin Dahyabhai2011-12-132-0/+307
| | | | S4U2Proxy with the principal name of the proxying principal (part of #761317)
* - apply upstream patch to fix a null pointer dereference when processing TGS ↵krb5-1.10-0.fc17.alpha1.2Nalin Dahyabhai2011-12-062-1/+47
| | | | requests (CVE-2011-1530, #753748)
* correct the release to match the changelogNalin Dahyabhai2011-11-301-1/+1
|
* - correct a bug in the fix for #754001 so that the file creation context is ↵Nalin Dahyabhai2011-11-302-5/+7
| | | | consistently reset
* - require libverto-module-base at build- and runtime so that tests whichkrb5-1.10-0.fc17.alpha1.0Nalin Dahyabhai2011-11-151-0/+5
| | | | use verto can work properly
generated by cgit (git 2.34.1) at 2025-09-28 20:00:31 +0000