summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* - replace our patch for #563431 (kpasswd doesn't fall back to guessing yourNalin Dahyabhai2010-03-191-18/+34
| | | | | principal name using your user name if you don't have a ccache) with the on upstream uses
* - whoops, -p level off by onekrb5-1_8-3_fc14Nalin Dahyabhai2010-03-121-1/+1
|
* - add the RT entry numberNalin Dahyabhai2010-03-123-3/+3
|
* - the last members of the ops structure are pointersNalin Dahyabhai2010-03-121-3/+3
|
* - this needs to be more portable before we try to send it upstreamNalin Dahyabhai2010-03-121-1/+2
|
* - note Sam's RT entry that this fixesNalin Dahyabhai2010-03-121-1/+1
|
* - oh wait, i did thatNalin Dahyabhai2010-03-121-1/+1
|
* - add documentation for the ticket_lifetime option (#561174)Nalin Dahyabhai2010-03-122-1/+39
|
* - drop this; we're not going to worry about itNalin Dahyabhai2010-03-112-227/+0
|
* - add a header describing the what and why hereNalin Dahyabhai2010-03-111-0/+2
|
* - drop this; it's not sufficient any more anywayNalin Dahyabhai2010-03-112-28/+0
|
* - note the RT numberNalin Dahyabhai2010-03-111-0/+1
|
* - correct a few typoskrb5-1_8-2_fc14Nalin Dahyabhai2010-03-081-8/+9
| | | | - note the review bug for splitting out krb5-appl
* - this patch is no longer needed; at some point between 1.7 and 1.8 thisNalin Dahyabhai2010-03-082-118/+0
| | | | was fixed in SVN
* - pull up patch to get the client libraries to correctly perform passwordNalin Dahyabhai2010-03-082-0/+81
| | | | changes over IPv6 (Sumit Bose, RT#6661)
* - whoops, need these lists, tookrb5-1_8-1_fc14Nalin Dahyabhai2010-03-052-0/+10
|
* - update to 1.8krb5-1_0-1_fc14Nalin Dahyabhai2010-03-0537-1617/+1958
| | | | | | | | | | - temporarily bundling the krb5-appl package (split upstream as of 1.8) until its package review is complete - profile.d scriptlets are now only needed by -workstation-clients - adjust paths in init scripts - drop upstreamed fix for KDC denial of service (CVE-2010-0283) - drop patch to check the user's password correctly using crypt(), which isn't a code path we hit when we're using PAM
* - whoops, revert inadvertent not-working version bumpkrb5-1_7_1-6_fc14Nalin Dahyabhai2010-03-031-2/+2
|
* - fix a null pointer dereference and crash introduced in our PAM patch thatNalin Dahyabhai2010-03-032-6/+16
| | | | | | would happen if ftpd was given the name of a user who wasn't known to the local system, limited to being triggerable by gssapi-authenticated clients by the default xinetd config (Olivier Fourdan, #569472)
* - fix a regression (not labeling a kdb database lock file correctly,krb5-1_7_1-5_fc14Nalin Dahyabhai2010-03-022-1/+22
| | | | #569902)
* - move the package changelog to the end to match the usual style (jdennis)krb5-1_7_1-4_fc14Nalin Dahyabhai2010-02-251-592/+633
| | | | | | - scrub out references to $RPM_SOURCE_DIR (jdennis) - include a symlink to the readme with the name LICENSE so that people can find it more easily (jdennis)
* - pull up the change to make kpasswd's behavior better match the docs whenkrb5-1_7_1-3_fc14Nalin Dahyabhai2010-02-172-1/+39
| | | | there's no ccache (#563431)
* - forwardable=yes -> forwardable=true, which should mean the same thing,F-13-splitNalin Dahyabhai2010-02-161-3/+3
| | | | | | | but matches the man page better - take port numbers off of the server names; i'm assuming that it's rare for them to need specifying because i assume the defaults are used more often than not
* - whoops, that's the wrong filename for the patchkrb5-1_7_1-2_fc13Nalin Dahyabhai2010-02-161-1/+1
|
* - upstream patch to correct a denial-of-service in KDCs in 1.7 and laterNalin Dahyabhai2010-02-161-0/+42
|
* - apply patch from upstream to fix KDC denial of service (CVE-2010-0283,Nalin Dahyabhai2010-02-161-1/+7
| | | | #566002)
* - update to 1.7.1krb5-1_7_1-1_fc13Nalin Dahyabhai2010-02-037-511/+30
| | | | | | | | | | | - don't trip AD lockout on wrong password (#542687, #554351) - incorporates fixes for CVE-2009-4212 and CVE-2009-3295 - fixes gss_krb5_copy_ccache() when SPNEGO is used - move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to the devel subpackage, better lining up with the expected krb5/krb5-appl split in 1.8 - drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it already depends on -workstation which also includes them
* - tighten up default permissions on kdc.conf and kadm5.acl (#558343)krb5-1_7-23_fc13Nalin Dahyabhai2010-01-251-3/+6
|
* - use portreserve correctly -- portrelease takes the basename of the filekrb5-1_7-22_fc13Nalin Dahyabhai2010-01-225-7/+17
| | | | whose entries should be released, so we need three files, not one
* - suppress warnings of impending password expiration if expiration is morekrb5-1_7-21_fc13Nalin Dahyabhai2010-01-181-2/+10
| | | | | | | than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495) - link with libtinfo rather than libncurses, when we can, in future RHEL
* - suppress warnings of impending password expiration if expiration is moreNalin Dahyabhai2010-01-181-0/+17
| | | | | | than seven days away when the KDC reports it via the last-req field, just as we already do when it reports expiration via the key-expiration field (#556495)
* - krb5_get_init_creds_password: check opte->flags instead of options->flagsNalin Dahyabhai2010-01-152-1/+21
| | | | | when checking whether or not we get to use the prompter callback (#555875)
* - use portreserve to make sure the KDC can always bind to the kerberos-ivNalin Dahyabhai2010-01-145-2/+26
| | | | | | port, kpropd can always bind to the krb5_prop port, and that kadmind can always bind to the kerberos-adm port (#555279) - correct inadvertent use of macros in the changelog (rpmlint)
* - fix the description of the problemkrb5-1_7-18_fc13Nalin Dahyabhai2010-01-121-1/+1
|
* - add upstream patches for KDC crash during AES and RC4 decryptionNalin Dahyabhai2010-01-122-1/+384
| | | | (CVE-2009-4212), via Tom Yu (#545015)
* - back down to the earlier version of the patch for #551764; the backportedkrb5-1_7-17_fc13Nalin Dahyabhai2010-01-062-43/+110
| | | | alternate version was incomplete
* - put the conditional back for the -devel subpackageNalin Dahyabhai2010-01-061-2/+5
|
* - revise this to look more like what's been done in upstream trunkkrb5-1_7-16_fc13Nalin Dahyabhai2010-01-051-108/+43
|
* - pull up proposed patch for creating previously-not-there lock files forNalin Dahyabhai2010-01-052-0/+119
| | | | kdb databases when 'kdb5_util' is called to 'load' (#551764)
* - use %%global instead of %%defineNalin Dahyabhai2010-01-051-7/+13
| | | | - fix conditional for future RHEL
* - add tracking bug ID for the latest security patchkrb5-1_7-15_fc13Nalin Dahyabhai2010-01-041-1/+1
|
* - add upstream patch for KDC crash during referral processingNalin Dahyabhai2010-01-042-1/+34
| | | | (CVE-2009-3295), via Tom Yu
* - fix a typokrb5-1_7-14_fc13Nalin Dahyabhai2009-12-211-1/+1
|
* refresh patch for #542868 from trunkNalin Dahyabhai2009-12-212-17/+19
|
* - add the upstream RT numberNalin Dahyabhai2009-12-111-1/+1
|
* - move man pages that live in the -libs subpackage into the regularNalin Dahyabhai2009-12-101-8/+16
| | | | | %%{_mandir} tree where they'll still be found if that package is the only one %installed (#529319)
* - re-enable this change:krb5-1_7-13_fc13Nalin Dahyabhai2009-12-091-3/+6
| | | | - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
* - if the result of our attempt to look up the context is NULL, eitherNalin Dahyabhai2009-12-091-1/+7
| | | | | because the right function returned NULL or we failed to initialize the library, just skip it, as that's all we can do
* back that last change outNalin Dahyabhai2009-12-081-1/+4
|
* - try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)krb5-1_7-12_fc13Nalin Dahyabhai2009-12-082-2/+68
|
generated by cgit (git 2.34.1) at 2025-09-29 19:49:22 +0000