|
|
 |
|
|
Changelog for krb5-devel-1.6.1-25.SEL5_2.i386.rpm :
* Mon May 26 2008 Eddy Nigg - Rebuild for StartCom Linux 5.0.x
* Wed Mar 05 2008 Nalin Dahyabhai 1.6.1-25.SEL5_2- add preliminary patch to fix use of uninitialized pointer / double-free in KDC (CVE-2008-0062,CVE-2008-0063) (#432620, #432621)- add backported patch to fix use-after-free in libgssapi_krb5 (CVE-2007-5901) (#415321)- add backported patch to fix double-free in libgssapi_krb5 (CVE-2007-5971) (#415351)- add preliminary patch to fix incorrect handling of high-numbered descriptors in the RPC library (CVE-2008-0947) (#433596)
* Fri Feb 08 2008 Nalin Dahyabhai 1.6.1-24- kdb_ldap: add patch to recognize \"nsAccountLock: TRUE\" as indicating that an entry should have the DISALLOW_ALL_TIX flag set (read only), for better interop with Fedora, Netscape, Red Hat Directory Server (Simo Sorce, #431784)
* Thu Jan 31 2008 Nalin Dahyabhai 1.6.1-23- backport changes from 1.6.3 which allow callers of the the sendto-kdc functions to override the failover behavior on a per-response basis, and default to failing over on service-unavailable errors (#230384)
* Wed Jan 30 2008 Nalin Dahyabhai 1.6.1-22- add patch to fall back to TCP kpasswd servers for kdc-unreachable, can\'t-resolve-server, and response-too-big errors (#392631)
* Thu Jan 24 2008 Nalin Dahyabhai - fold in some more changes to account for differing definitions of %{dist} (more of #427790)
* Tue Jan 15 2008 Nalin Dahyabhai 1.6.1-21- add conditional logic to allow building only the krb5-server-ldap subpackage (#427790)- use the right sequence numbers when generating password-set/change requests for kpasswd servers after the first one (#427789)
* Tue Dec 18 2007 Nalin Dahyabhai 1.6.1-20- allocate space for the relative path including the nul-terminator (Jose Plans, #426085)- fix a couple of spots where a file context wouldn\'t be freed
* Tue Dec 11 2007 Nalin Dahyabhai 1.6.1-19- backport from 1.6.3 to initialize a library-allocated get_init_creds_opt structure the same way we would one which was allocated by the calling application, to restore kinit\'s traditional behavior of doing a password change right when it detects an expired password (#413051)
* Fri Nov 09 2007 Nalin Dahyabhai 1.6.1-18- fix syntax error in kadmin init script (#373011,#381011)- turn off content/size/date verification on krb5.conf (#329771)- fix storage of delegated krb5 credentials when they\'ve been wrapped up in spnego (#319351)- return a delegated credential handle even if the application didn\'t pass a location to store the flags which would be used to indicate that credentials were delegated (#314651)- in login, allow PAM to interact with the user when they\'ve been strongly authenticated (#309951)- signal PAM when we\'re changing an expired password that it\'s an expired password, so that when cracklib flags a password as being weak it\'s treated as an error even if we\'re running as root (#308131)- set the key expiration time in an AS-REP using the sooner of the client\'s entry\'s key expiration time and the entry\'s expiration time, instead of just the entry\'s expiration time (#250257)- in ftp, don\'t lose track of a client socket when a server-side error causes a download to fail (#248618)- in ftp, fix runique when mget is used (#247633)- add the snippet documenting the kdc_tcp_ports option to kdc.conf\'s man page, using text taken from the administrator\'s guide (#282191)- in kpasswd, when reading the client\'s principal name from the ccache fails for any reason, fall back to the user\'s name (#248631)- init script cleanups (Michal Marciniszyn, #242500)- tweak the telnet man page to refer to the telnet rlogin escape character as such instead of rereferring to it simly as the escape character or the telnet escape character (#247741)
* Wed Sep 12 2007 Nalin Dahyabhai 1.6.1-17- ftpd: also do PAM session and credential management when ftp clients use strong authentication (#286291)
* Fri Sep 07 2007 Nalin Dahyabhai 1.6.1-16- update to revised patch for CVE-2007-3999
* Fri Sep 07 2007 Nalin Dahyabhai 1.6.1-15- fix omission of files created by the db2 plugin when labeling (#228157)
* Sat Aug 25 2007 Nalin Dahyabhai 1.6.1-14- make krb5-workstation depend on the PAM configuration file used by login.krb5- fix omission of kadmin log file when labeling (#253558)
* Tue Aug 21 2007 Nalin Dahyabhai 1.6.1-13- add preliminary patch to fix buffer overflow in rpcsec_gss implementation in libgssrpc (#250973, CVE-2007-3999) and write through uninitialized pointer in kadmind (#250976, CVE-2007-4000)
* Fri Jul 27 2007 Nalin Dahyabhai 1.6.1-12- kdc: default to listening for TCP clients as well (#248415)
* Thu Jul 12 2007 Nalin Dahyabhai 1.6.1-11- login: change to the user\'s home directory after dropping privileges, not before (#248050)- turn off the ldap features
* Thu Jun 28 2007 Nalin Dahyabhai 1.6.1-10- add a patch to allow applications to try to use a key with kvno=0, if found, in place of the \"right\" version for a request (Luke Howard, #230379)
* Thu Jun 28 2007 Nalin Dahyabhai 1.6.1-9- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443) and MITKRB5-SA-2007-005 (CVE-2007-2798) (#239073)
* Tue Jun 26 2007 Nalin Dahyabhai 1.6.1-7- reintroduce missing %postun for the non-split_workstation case
* Tue Jun 26 2007 Nalin Dahyabhai 1.6.1-6- rebuild
* Tue Jun 26 2007 Nalin Dahyabhai 1.6.1-5.1- rebuild
* Mon Jun 25 2007 Nalin Dahyabhai 1.6.1-5- add missing pam-devel build requirement, force selinux-or-fail build
* Mon Jun 25 2007 Nalin Dahyabhai 1.6.1-4- rebuild
* Mon Jun 25 2007 Nalin Dahyabhai 1.6.1-3- label all files at creation-time according to the SELinux policy (#228157)
* Sat Jun 23 2007 Nalin Dahyabhai - perform PAM account / session management in krshd (#182195,#195922)- perform PAM authentication and account / session management in ftpd- perform PAM authentication, account / session management, and password- changing in login.krb5 (#182195,#195922)
* Sat Jun 23 2007 Nalin Dahyabhai - preprocess kerberos.ldif into a format FDS will like better, and include that as a doc file as well
* Sat Jun 23 2007 Nalin Dahyabhai - switch man pages to being generated with the right paths in them- drop old, incomplete SELinux patch- add patch from Greg Hudson to make srvtab routines report missing-file errors at same point that keytab routines do (#241805)
* Fri May 25 2007 Nalin Dahyabhai 1.6.1-2- pull patch from svn to undo unintentional chattiness in ftp- pull patch from svn to handle NULL krb5_get_init_creds_opt structures better in a couple of places where they\'re expected
* Thu May 24 2007 Nalin Dahyabhai 1.6.1-1- update to 1.6.1 - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216 - drop patch for sendto bug in 1.6, fixed in 1.6.1
* Sat May 19 2007 Nalin Dahyabhai - kadmind.init: don\'t fail outright if the default principal database isn\'t there if it looks like we might be using the kldap plugin- kadmind.init: attempt to extract the key for the host-specific kadmin service when we try to create the keytab
* Thu May 17 2007 Nalin Dahyabhai 1.6-6- omit dependent libraries from the krb5-config --libs output, as using shared libraries (no more static libraries) makes them unnecessary and they\'re not part of the libkrb5 interface (patch by Rex Dieter, #240220) (strips out libkeyutils, libresolv, libdl)
* Sat May 05 2007 Nalin Dahyabhai 1.6-5- pull in keyutils as a build requirement to get the \"KEYRING:\" ccache type, because we\'ve merged
* Sat May 05 2007 Nalin Dahyabhai 1.6-4- fix an uninitialized length value which could cause a crash when parsing key data coming from a directory server- correct a typo in the krb5.conf man page (\"ldap_server\"->\"ldap_servers\")
* Sat Apr 14 2007 Nalin Dahyabhai - move the default acl_file, dict_file, and admin_keytab settings to the part of the default/example kdc.conf where they\'ll actually have an effect (#236417)
* Fri Apr 06 2007 Nalin Dahyabhai 1.5-24- merge security fixes from RHSA-2007:0095
* Wed Apr 04 2007 Nalin Dahyabhai 1.6-3- add patch to correct unauthorized access via krb5-aware telnet daemon (#229782, CVE-2007-0956)- add patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957)- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
* Thu Mar 22 2007 Nalin Dahyabhai - back out buildrequires: keyutils-libs-devel for now
* Thu Mar 22 2007 Nalin Dahyabhai 1.6-2- add buildrequires: on keyutils-libs-devel to enable use of keyring ccaches, dragging keyutils-libs in as a dependency
* Mon Mar 19 2007 Nalin Dahyabhai 1.5-23- fix bug ID in changelog
* Thu Mar 15 2007 Nalin Dahyabhai 1.5-22
* Thu Mar 15 2007 Nalin Dahyabhai 1.5-21- add preliminary patch to fix buffer overflow in krb5kdc and kadmind (#231528, CVE-2007-0957)- add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216)
* Wed Feb 28 2007 Nalin Dahyabhai - add patch to build semi-useful static libraries, but don\'t apply it unless we need them
* Tue Feb 27 2007 Nalin Dahyabhai - 1.5-20- temporarily back out %post changes, fix for #143289 for security update- add preliminary patch to correct unauthorized access via krb5-aware telnet
* Mon Feb 19 2007 Nalin Dahyabhai - make profile.d scriptlets mode 644 instead of 755 (part of #225974)
* Tue Jan 30 2007 Nalin Dahyabhai 1.6-1- clean up quoting of command-line arguments passed to the krsh/krlogin wrapper scripts
* Thu Jan 25 2007 Nalin Dahyabhai - 1.5-19- refrain from killing any lingering members of our child\'s process group when logging that the child process has exited (Jose Plans, #143289)
* Mon Jan 22 2007 Nalin Dahyabhai - initial update to 1.6, pre-package-reorg- move workstation daemons to a new subpackage (#81836, #216356, #217301), and make the new subpackage require xinetd (#211885)
* Mon Jan 22 2007 Nalin Dahyabhai - 1.5-18- make use of install-info more failsafe (Ville Skyttä, #223704)- preserve timestamps on shell scriptlets at %install-time
* Tue Jan 16 2007 Nalin Dahyabhai - 1.5-17- move to using pregenerated PDF docs to cure multilib conflicts (#222721)
* Fri Jan 12 2007 Nalin Dahyabhai - 1.5-16- update backport of the preauth module interface (part of #194654)
* Tue Jan 09 2007 Nalin Dahyabhai - 1.5-14- apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456)- apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456)
* Wed Dec 20 2006 Nalin Dahyabhai - 1.5-12- update backport of the preauth module interface
* Mon Oct 30 2006 Nalin Dahyabhai - update backport of the preauth module interface- add proposed patches 4566, 4567- add proposed edata reporting interface for KDC- add temporary placeholder for module global context fixes
* Tue Oct 24 2006 Nalin Dahyabhai - 1.5-11- don\'t bail from the KDC init script if there\'s no database, it may be in a different location than the default (fenlason)- remove the [kdc] section from the default krb5.conf -- doesn\'t seem to have been applicable for a while
* Thu Oct 19 2006 Nalin Dahyabhai - 1.5-10- rename krb5.sh and krb5.csh so that they don\'t overlap (#210623)- way-late application of added error info in kadmind.init (#65853)
* Thu Oct 19 2006 Nalin Dahyabhai - 1.5-9.pal_18695- add backport of in-development preauth module interface (#208643)
* Tue Oct 10 2006 Nalin Dahyabhai - 1.5-9- provide docs in PDF format instead of as tex source (Enrico Scholz, #209943)
* Thu Oct 05 2006 Nalin Dahyabhai - 1.5-8- add missing shebang headers to krsh and krlogin wrapper scripts (#209238)
* Thu Sep 07 2006 Nalin Dahyabhai - 1.5-7- set SS_LIB at configure-time so that libss-using apps get working readline support (#197044)
* Sat Aug 19 2006 Nalin Dahyabhai - 1.5-6- switch to the updated patch for MITKRB-SA-2006-001
* Wed Aug 09 2006 Nalin Dahyabhai - 1.5-5- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
* Tue Aug 08 2006 Nalin Dahyabhai - 1.5-4- ensure that the gssapi library\'s been initialized before walking the internal mechanism list in gss_release_oid(), needed if called from gss_release_name() right after a gss_import_name() (#198092)
* Wed Jul 26 2006 Nalin Dahyabhai - 1.5-3- rebuild
* Wed Jul 26 2006 Nalin Dahyabhai - 1.5-2- pull up latest revision of patch to reduce lockups in rsh/rshd
* Tue Jul 18 2006 Nalin Dahyabhai - 1.5-1.2- rebuild
* Thu Jul 13 2006 Jesse Keating - 1.5-1.1- rebuild
* Fri Jul 07 2006 Nalin Dahyabhai 1.5-1- build
* Thu Jul 06 2006 Nalin Dahyabhai 1.5-0- update to 1.5
* Sat Jun 24 2006 Nalin Dahyabhai 1.4.3-9- mark profile.d config files noreplace (Laurent Rineau, #196447)
* Fri Jun 09 2006 Nalin Dahyabhai 1.4.3-8- add buildprereq for autoconf
* Tue May 23 2006 Nalin Dahyabhai 1.4.3-7- further munge krb5-config so that \'libdir=/usr/lib\' is given even on 64-bit architectures, to avoid multilib conflicts; other changes will conspire to strip out the -L flag which uses this, so it should be harmless (#192692)
* Sat Apr 29 2006 Nalin Dahyabhai 1.4.3-6- adjust the patch which removes the use of rpath to also produce a krb5-config which is okay in multilib environments (#190118)- make the name-of-the-tempfile comment which compile_et adds to error code headers always list the same file to avoid conflicts on multilib installations- strip SIZEOF_LONG out of krb5.h so that it doesn\'t conflict on multilib boxes- strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn\'t conflict on mulitlib boxes
* Sat Apr 15 2006 Stepan Kasal 1.4.3-5- Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch)
* Fri Feb 10 2006 Jesse Keating 1.4.3-4.1- bump again for double-long bug on ppc(64)
* Mon Feb 06 2006 Nalin Dahyabhai 1.4.3-4- give a little bit more information to the user when kinit gets the catch-all I/O error (#180175)
* Thu Jan 19 2006 Nalin Dahyabhai 1.4.3-3- rebuild properly when pthread_mutexattr_setrobust_np() is defined but not declared, such as with recent glibc when _GNU_SOURCE isn\'t being used
* Thu Jan 19 2006 Matthias Clasen 1.4.3-2- Use full paths in krb5.sh to avoid path lookups
* Fri Dec 09 2005 Jesse Keating - rebuilt
* Thu Dec 01 2005 Nalin Dahyabhai - login: don\'t truncate passwords before passing them into crypt(), in case they\'re significant (#149476)
* Thu Nov 17 2005 Nalin Dahyabhai 1.4.3-1- update to 1.4.3- make ksu setuid again (#137934, others)
* Wed Sep 14 2005 Nalin Dahyabhai 1.4.2-4- mark %{krb5prefix}/man so that files which are packaged within it are flagged as %doc (#168163)
* Wed Sep 07 2005 Nalin Dahyabhai 1.4.2-3- add an xinetd configuration file for encryption-only telnetd, parallelling the kshell/ekshell pair (#167535)
* Thu Sep 01 2005 Nalin Dahyabhai 1.4.2-2- change the default configured encryption type for KDC databases to the compiled-in default of des3-hmac-sha1 (#57847)
* Fri Aug 12 2005 Nalin Dahyabhai 1.4.2-1- update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and MIT-KRB5-SA-2005-003
* Thu Jun 30 2005 Nalin Dahyabhai 1.4.1-6- rebuild
* Thu Jun 30 2005 Nalin Dahyabhai 1.4.1-5- fix telnet client environment variable disclosure the same way NetKit\'s telnet client did (CAN-2005-0488) (#159305)- keep apps which call krb5_principal_compare() or krb5_realm_compare() with malformed or NULL principal structures from crashing outright (Thomas Biege) (#161475)
* Wed Jun 29 2005 Nalin Dahyabhai - apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175) (#157104)- apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755)
* Sat Jun 25 2005 Nalin Dahyabhai 1.4.1-4- fix double-close in keytab handling- add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612)
* Sat May 14 2005 Nalin Dahyabhai 1.4.1-3- prevent spurious EBADF in krshd when stdin is closed by the client while the command is running (#151111)
* Sat May 14 2005 Martin Stransky 1.4.1-2- add deadlock patch, removed old patch
* Sat May 07 2005 Nalin Dahyabhai 1.4.1-1- update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469- when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig file for the service, pass it as an argument for the -r flag
* Wed Mar 23 2005 Nalin Dahyabhai 1.4-3- drop krshd patch for now
* Thu Mar 17 2005 Nalin Dahyabhai - add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)
* Wed Mar 16 2005 Nalin Dahyabhai 1.4-2- don\'t include into the telnet client when we\'re not using curses
* Thu Feb 24 2005 Nalin Dahyabhai 1.4-1- update to 1.4 - v1.4 kadmin client requires a v1.4 kadmind on the server, or use the \"-O\" flag to specify that it should communicate with the server using the older protocol - new libkrb5support library - v5passwdd and kadmind4 are gone - versioned symbols- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass it on to krb5kdc- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass it on to kadmind- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass it on to krb524d
*instead of
* \"-m\"- set \"forwardable\" in [libdefaults] in the default krb5.conf to match the default setting which we supply for pam_krb5- set a default of 24h for \"ticket_lifetime\" in [libdefaults], reflecting the compiled-in default
* Mon Dec 20 2004 Nalin Dahyabhai 1.3.6-3- rebuild
* Mon Dec 20 2004 Nalin Dahyabhai 1.3.6-2- rebuild
* Mon Dec 20 2004 Nalin Dahyabhai 1.3.6-1- update to 1.3.6, which includes the previous fix
* Mon Dec 20 2004 Nalin Dahyabhai 1.3.5-8- apply fix from Tom Yu for MITKRB5-SA-2004-004 (CAN-2004-1189)
* Fri Dec 17 2004 Martin Stransky 1.3.5-7- fix deadlock during file transfer via rsync/krsh- thanks goes to James Antill for hint
* Fri Nov 26 2004 Nalin Dahyabhai 1.3.5-6- rebuild
* Mon Nov 22 2004 Nalin Dahyabhai 1.3.5-3- fix predictable-tempfile-name bug in krb5-send-pr (CAN-2004-0971, #140036)
* Tue Nov 16 2004 Nalin Dahyabhai - silence compiler warning in kprop by using an in-memory ccache with a fixed name instead of an on-disk ccache with a name generated by tmpnam()
* Tue Nov 16 2004 Nalin Dahyabhai 1.3.5-2- fix globbing patch port mode (#139075)
* Mon Nov 01 2004 Nalin Dahyabhai 1.3.5-1- fix segfault in telnet due to incorrect checking of gethostbyname_r result codes (#129059)
* Sat Oct 16 2004 Nalin Dahyabhai - remove rc4-hmac:norealm and rc4-hmac:onlyrealm from the default list of supported keytypes in kdc.conf -- they produce exactly the same keys as rc4-hmac:normal because rc4 string-to-key ignores salts- nuke kdcrotate -- there are better ways to balance the load on KDCs, and the SELinux policy for it would have been scary-looking- update to 1.3.5, mainly to include MITKRB5SA 2004-002 and 2004-003
* Wed Sep 01 2004 Nalin Dahyabhai 1.3.4-7- rebuild
* Wed Aug 25 2004 Nalin Dahyabhai 1.3.4-6- rebuild
* Wed Aug 25 2004 Nalin Dahyabhai 1.3.4-5- incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644, CAN-2004-0772
* Tue Aug 24 2004 Nalin Dahyabhai 1.3.4-4- rebuild
* Tue Aug 24 2004 Nalin Dahyabhai 1.3.4-3- incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772 (MITKRB5-SA-2004-002, #130732)- incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732)
* Wed Jul 28 2004 Nalin Dahyabhai 1.3.4-2- fix indexing error in server sorting patch (#127336)
* Wed Jun 16 2004 Elliot Lee - rebuilt
* Tue Jun 15 2004 Nalin Dahyabhai 1.3.4-0.1- update to 1.3.4 final
* Tue Jun 08 2004 Nalin Dahyabhai 1.3.4-0- update to 1.3.4 beta1- remove MITKRB5-SA-2004-001, included in 1.3.4
* Tue Jun 08 2004 Nalin Dahyabhai 1.3.3-8- rebuild
* Sat Jun 05 2004 Nalin Dahyabhai 1.3.3-7- rebuild
* Sat Jun 05 2004 Nalin Dahyabhai 1.3.3-6- apply updated patch from MITKRB5-SA-2004-001 (revision 2004-06-02)
* Wed Jun 02 2004 Nalin Dahyabhai 1.3.3-5- rebuild
* Wed Jun 02 2004 Nalin Dahyabhai 1.3.3-4- apply patch from MITKRB5-SA-2004-001 (#125001)
* Thu May 13 2004 Thomas Woerner 1.3.3-3- removed rpath
* Fri Apr 16 2004 Nalin Dahyabhai 1.3.3-2- re-enable large file support, fell out in 1.3-1- patch rcp to use long long and %lld format specifiers when reporting file sizes on large files
* Wed Apr 14 2004 Nalin Dahyabhai 1.3.3-1- update to 1.3.3
* Wed Mar 10 2004 Nalin Dahyabhai 1.3.2-1- update to 1.3.2
* Mon Mar 08 2004 Nalin Dahyabhai 1.3.1-12- rebuild
* Tue Mar 02 2004 Elliot Lee 1.3.1-11.1- rebuilt
* Fri Feb 13 2004 Elliot Lee 1.3.1-11- rebuilt
* Mon Feb 09 2004 Nalin Dahyabhai 1.3.1-10- catch krb4 send_to_kdc cases in kdc preference patch
* Mon Feb 02 2004 Nalin Dahyabhai 1.3.1-9- remove patch to set TERM in klogind which, combined with the upstream fix in 1.3.1, actually produces the bug now (#114762)
* Mon Jan 19 2004 Nalin Dahyabhai 1.3.1-8- when iterating over lists of interfaces which are \"up\" from getifaddrs(), skip over those which have no address (#113347)
* Mon Jan 12 2004 Nalin Dahyabhai - prefer the kdc which last replied to a request when sending requests to kdcs
* Mon Nov 24 2003 Nalin Dahyabhai 1.3.1-7- fix combination of --with-netlib and --enable-dns (#82176)
* Tue Nov 18 2003 Nalin Dahyabhai - remove libdefault ticket_lifetime option from the default krb5.conf, it is ignored by libkrb5
* Fri Sep 26 2003 Nalin Dahyabhai 1.3.1-6- fix bug in patch to make rlogind start login with a clean environment a la netkit rlogin, spotted and fixed by Scott McClung
* Wed Sep 24 2003 Nalin Dahyabhai 1.3.1-5- include profile.d scriptlets in krb5-devel so that krb5-config will be in the path if krb5-workstation isn\'t installed, reported by Kir Kolyshkin
* Tue Sep 09 2003 Nalin Dahyabhai - add more etypes (arcfour) to the default enctype list in kdc.conf- don\'t apply previous patch, refused upstream
* Sat Sep 06 2003 Nalin Dahyabhai 1.3.1-4- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials
* Thu Sep 04 2003 Dan Walsh 1.3.1-3- Don\'t check for write access on /etc/krb5.conf if SELinux
* Wed Aug 27 2003 Nalin Dahyabhai 1.3.1-2- fixup some int/pointer varargs wackiness
* Wed Aug 06 2003 Nalin Dahyabhai 1.3.1-1- rebuild
* Tue Aug 05 2003 Nalin Dahyabhai 1.3.1-0- update to 1.3.1
* Fri Jul 25 2003 Nalin Dahyabhai 1.3-2- pull fix for non-compliant encoding of salt field in etype-info2 preauth data from 1.3.1 beta 1, until 1.3.1 is released.
* Tue Jul 22 2003 Nalin Dahyabhai 1.3-1- update to 1.3
* Tue Jul 08 2003 Nalin Dahyabhai 1.2.8-4- correctly use stdargs
* Thu Jun 19 2003 Nalin Dahyabhai 1.3-0.beta.4- test update to 1.3 beta 4- ditch statglue build option- krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err
* Thu Jun 05 2003 Elliot Lee - rebuilt
* Thu May 22 2003 Jeremy Katz 1.2.8-2- gcc 3.3 doesn\'t implement varargs.h, include stdarg.h instead
* Thu Apr 10 2003 Nalin Dahyabhai 1.2.8-1- update to 1.2.8
* Tue Apr 01 2003 Nalin Dahyabhai 1.2.7-14- fix double-free of enc_part2 in krb524d
* Fri Mar 21 2003 Nalin Dahyabhai 1.2.7-13- update to latest patch kit for MITKRB5-SA-2003-004
* Wed Mar 19 2003 Nalin Dahyabhai 1.2.7-12- add patch included in MITKRB5-SA-2003-003 (CAN-2003-0028)
* Mon Mar 17 2003 Nalin Dahyabhai 1.2.7-11- add patches from patchkit from MITKRB5-SA-2003-004 (CAN-2003-0138 and CAN-2003-0139)
* Thu Mar 06 2003 Nalin Dahyabhai 1.2.7-10- rebuild
* Thu Mar 06 2003 Nalin Dahyabhai 1.2.7-9- fix buffer underrun in unparsing certain principals (CAN-2003-0082)
* Tue Feb 04 2003 Nalin Dahyabhai 1.2.7-8- add patch to document the reject-bad-transited option in kdc.conf
* Mon Feb 03 2003 Nalin Dahyabhai - add patch to fix server-side crashes when principals have no components (CAN-2003-0072)
* Thu Jan 23 2003 Nalin Dahyabhai 1.2.7-7- add patch from Mark Cox for exploitable bugs in ftp client
* Wed Jan 22 2003 Tim Powers - rebuilt
* Wed Jan 15 2003 Nalin Dahyabhai 1.2.7-5- use PICFLAGS when building code from the ktany patch
* Thu Jan 09 2003 Bill Nottingham 1.2.7-4- debloat
* Tue Jan 07 2003 Jeremy Katz 1.2.7-3- include .so.
* symlinks as well as .so.
*.
*
* Mon Dec 09 2002 Jakub Jelinek 1.2.7-2- always #include to access errno, never do it directly- enable LFS on a bunch of other 32-bit arches
* Wed Dec 04 2002 Nalin Dahyabhai - increase the maximum name length allowed by kuserok() to the higher value used in development versions
* Mon Dec 02 2002 Nalin Dahyabhai - install src/krb524/README as README.krb524 in the -servers package, includes information about converting for AFS principals
* Fri Nov 15 2002 Nalin Dahyabhai 1.2.7-1- update to 1.2.7- disable use of tcl
* Mon Nov 11 2002 Nalin Dahyabhai - update to 1.2.7-beta2 (internal only, not for release), dropping dnsparse and kadmind4 fixes
* Thu Oct 24 2002 Nalin Dahyabhai 1.2.6-5- add patch for buffer overflow in kadmind4 (not used by default)
* Sat Oct 12 2002 Nalin Dahyabhai 1.2.6-4- drop a hunk from the dnsparse patch which is actually redundant (thanks to Tom Yu)
* Thu Oct 10 2002 Nalin Dahyabhai 1.2.6-3- patch to handle truncated dns responses
* Tue Oct 08 2002 Nalin Dahyabhai 1.2.6-2- remove hashless key types from the default kdc.conf, they\'re not supposed to be there, noted by Sam Hartman on krbdev
* Sat Sep 28 2002 Nalin Dahyabhai 1.2.6-1- update to 1.2.6
* Sat Sep 14 2002 Nalin Dahyabhai 1.2.5-7- use %{_lib} for the sake of multilib systems
* Sat Aug 03 2002 Nalin Dahyabhai 1.2.5-6- add patch from Tom Yu for exploitable bugs in rpc code used in kadmind
* Wed Jul 24 2002 Nalin Dahyabhai 1.2.5-5- fix bug in krb5.csh which would cause the path check to always succeed
* Sat Jul 20 2002 Jakub Jelinek 1.2.5-4- build even libdb.a with -fPIC and $RPM_OPT_FLAGS.
* Sat Jun 22 2002 Tim Powers - automated rebuild
* Mon May 27 2002 Tim Powers - automated rebuild
* Thu May 02 2002 Nalin Dahyabhai 1.2.5-1- update to 1.2.5- disable statglue
* Fri Mar 01 2002 Nalin Dahyabhai 1.2.4-1- update to 1.2.4
* Wed Feb 20 2002 Nalin Dahyabhai 1.2.3-5- rebuild in new environment- reenable statglue
* Sat Jan 26 2002 Florian La Roche - prereq chkconfig for the server subpackage
* Wed Jan 16 2002 Nalin Dahyabhai 1.2.3-3- build without -g3, which gives us large static libraries in -devel
* Tue Jan 15 2002 Nalin Dahyabhai 1.2.3-2- reintroduce ld.so.conf munging in the -libs %post
* Thu Jan 10 2002 Nalin Dahyabhai 1.2.3-1- rename the krb5 package back to krb5-libs; the previous rename caused something of an uproar- update to 1.2.3, which includes the FTP and telnetd fixes- configure without --enable-dns-for-kdc --enable-dns-for-realm, which now set the default behavior instead of enabling the feature (the feature is enabled by --enable-dns, which we still use)- reenable optimizations on Alpha- support more encryption types in the default kdc.conf (heads-up from post to comp.protocols.kerberos by Jason Heiss)
* Sat Aug 04 2001 Nalin Dahyabhai 1.2.2-14- rename the krb5-libs package to krb5 (naming a subpackage -libs when there is no main package is silly)- move defaults for PAM to the appdefaults section of krb5.conf -- this is the area where the krb5_appdefault_
* functions look for settings)- disable statglue (warning: breaks binary compatibility with previous packages, but has to be broken at some point to work correctly with unpatched versions built with newer versions of glibc)
* Sat Aug 04 2001 Nalin Dahyabhai 1.2.2-13- bump release number and rebuild
* Thu Aug 02 2001 Nalin Dahyabhai - add patch to fix telnetd vulnerability
* Sat Jul 21 2001 Nalin Dahyabhai - tweak statglue.c to fix stat/stat64 aliasing problems- be cleaner in use of gcc to build shlibs
* Thu Jul 12 2001 Nalin Dahyabhai - use gcc to build shared libraries
* Thu Jun 28 2001 Nalin Dahyabhai - add patch to support \"ANY\" keytab type (i.e., \"default_keytab_name = ANY:FILE:/etc/krb5.keytab,SRVTAB:/etc/srvtab\" patch from Gerald Britton, #42551)- build with -D_FILE_OFFSET_BITS=64 to get large file I/O in ftpd (#30697)- patch ftpd to use long long and %lld format specifiers to support the SIZE command on large files (also #30697)- don\'t use LOG_AUTH as an option value when calling openlog() in ksu (#45965)- implement reload in krb5kdc and kadmind init scripts (#41911)- lose the krb5server init script (not using it any more)
* Mon Jun 25 2001 Elliot Lee - Bump release + rebuild.
* Wed May 30 2001 Nalin Dahyabhai - pass some structures by address instead of on the stack in krb5kdc
* Wed May 23 2001 Nalin Dahyabhai - rebuild in new environment
* Fri Apr 27 2001 Nalin Dahyabhai - add patch from Tom Yu to fix ftpd overflows (#37731)
* Thu Apr 19 2001 Than Ngo - disable optimizations on the alpha again
* Sat Mar 31 2001 Nalin Dahyabhai - add in glue code to make sure that libkrb5 continues to provide a weak copy of stat()
* Thu Mar 15 2001 Nalin Dahyabhai - build alpha with -O0 for now
* Thu Mar 08 2001 Nalin Dahyabhai - fix the kpropd init script
* Mon Mar 05 2001 Nalin Dahyabhai - update to 1.2.2, which fixes some bugs relating to empty ETYPE-INFO- re-enable optimization on Alpha
* Thu Feb 08 2001 Nalin Dahyabhai - build alpha with -O0 for now- own /var/kerberos
* Tue Feb 06 2001 Nalin Dahyabhai - own the directories which are created for each package (#26342)
* Tue Jan 23 2001 Nalin Dahyabhai - gettextize init scripts
* Fri Jan 19 2001 Nalin Dahyabhai - add some comments to the ksu patches for the curious- re-enable optimization on alphas
* Mon Jan 15 2001 Nalin Dahyabhai - fix krb5-send-pr (#18932) and move it from -server to -workstation- buildprereq libtermcap-devel- temporariliy disable optimization on alphas- gettextize init scripts
* Tue Dec 05 2000 Nalin Dahyabhai - force -fPIC
* Fri Dec 01 2000 Nalin Dahyabhai - rebuild in new environment
* Tue Oct 31 2000 Nalin Dahyabhai - add bison as a BuildPrereq (#20091)
* Mon Oct 30 2000 Nalin Dahyabhai - change /usr/dict/words to /usr/share/dict/words in default kdc.conf (#20000)
* Fri Oct 06 2000 Nalin Dahyabhai - apply kpasswd bug fixes from David Wragg
* Thu Oct 05 2000 Nalin Dahyabhai - make krb5-libs obsolete the old krb5-configs package (#18351)- don\'t quit from the kpropd init script if there\'s no principal database so that you can propagate the first time without running kpropd manually- don\'t complain if /etc/ld.so.conf doesn\'t exist in the -libs %post
* Wed Sep 13 2000 Nalin Dahyabhai - fix credential forwarding problem in klogind (goof in KRB5CCNAME handling) (#11588)- fix heap corruption bug in FTP client (#14301)
* Thu Aug 17 2000 Nalin Dahyabhai - fix summaries and descriptions- switched the default transfer protocol from PORT to PASV as proposed on bugzilla (#16134), and to match the regular ftp package\'s behavior
* Thu Jul 20 2000 Jeff Johnson - rebuild to compress man pages.
* Sun Jul 16 2000 Bill Nottingham - move initscript back
* Sat Jul 15 2000 Nalin Dahyabhai - disable servers by default to keep linuxconf from thinking they need to be started when they don\'t
* Fri Jul 14 2000 Prospector - automatic rebuild
* Tue Jul 11 2000 Nalin Dahyabhai - change cleanup code in post to not tickle chkconfig- add grep as a Prereq: for -libs
* Fri Jul 07 2000 Nalin Dahyabhai - move condrestarts to postun- make xinetd configs noreplace- add descriptions to xinetd configs- add /etc/init.d as a prereq for the -server package- patch to properly truncate $TERM in krlogind
* Sat Jul 01 2000 Nalin Dahyabhai - update to 1.2.1- back out Tom Yu\'s patch, which is a big chunk of the 1.2 -> 1.2.1 update- start using the official source tarball instead of its contents
* Fri Jun 30 2000 Nalin Dahyabhai - Tom Yu\'s patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind- pull out 6.2 options in the spec file (sonames changing in 1.2 means it\'s not compatible with other stuff in 6.2, so no need)
* Thu Jun 29 2000 Nalin Dahyabhai - tweak graceful start/stop logic in post and preun
* Tue Jun 27 2000 Nalin Dahyabhai - update to the 1.2 release- ditch a lot of our patches which went upstream- enable use of DNS to look up things at build-time- disable use of DNS to look up things at run-time in default krb5.conf- change ownership of the convert-config-files script to root.root- compress PS docs- fix some typos in the kinit man page- run condrestart in server post, and shut down in preun
* Tue Jun 20 2000 Nalin Dahyabhai - only remove old krb5server init script links if the init script is there
* Sun Jun 18 2000 Nalin Dahyabhai - disable kshell and eklogin by default
* Fri Jun 16 2000 Nalin Dahyabhai - patch mkdir/rmdir problem in ftpcmd.y- add condrestart option to init script- split the server init script into three pieces and add one for kpropd
* Thu Jun 15 2000 Nalin Dahyabhai - make sure workstation servers are all disabled by default- clean up krb5server init script
* Sat Jun 10 2000 Nalin Dahyabhai - apply second set of buffer overflow fixes from Tom Yu- fix from Dirk Husung for a bug in buffer cleanups in the test suite- work around possibly broken rev binary in running test suite- move default realm configs from /var/kerberos to /var/kerberos
* Wed Jun 07 2000 Nalin Dahyabhai - make ksu and v4rcp owned by root
* Sun Jun 04 2000 Nalin Dahyabhai - use %{_infodir} to better comply with FHS- move .so files to -devel subpackage- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)- fix package descriptions again
* Thu May 25 2000 Nalin Dahyabhai - change a LINE_MAX to 1024, fix from Ken Raeburn- add fix for login vulnerability in case anyone rebuilds without krb4 compat- add tweaks for byte-swapping macros in krb.h, also from Ken- add xinetd config files- make rsh and rlogin quieter- build with debug to fix credential forwarding- add rsh as a build-time req because the configure scripts look for it to determine paths
* Thu May 18 2000 Nalin Dahyabhai - fix config_subpackage logic
* Wed May 17 2000 Nalin Dahyabhai - remove setuid bit on v4rcp and ksu in case the checks previously added don\'t close all of the problems in ksu- apply patches from Jeffrey Schiller to fix overruns Chris Evans found- reintroduce configs subpackage for use in the errata- add PreReq: sh-utils
* Tue May 16 2000 Nalin Dahyabhai - fix double-free in the kdc (patch merged into MIT tree)- include convert-config-files script as a documentation file
* Thu May 04 2000 Nalin Dahyabhai - patch ksu man page because the -C option never works- add access() checks and disable debug mode in ksu- modify default ksu build arguments to specify more directories in CMD_PATH and to use getusershell()
* Thu May 04 2000 Bill Nottingham - fix configure stuff for ia64
* Tue Apr 11 2000 Nalin Dahyabhai - add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653)- change Requires: for/in subpackages to include 1.6.1
* Thu Apr 06 2000 Nalin Dahyabhai - add man pages for kerberos(1), kvno(1), .k5login(5)- add kvno to -workstation
* Tue Apr 04 2000 Nalin Dahyabhai - Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as a %config file anyway.- Make krb5.conf a noreplace config file.
* Fri Mar 31 2000 Nalin Dahyabhai - Make klogind pass a clean environment to children, like NetKit\'s rlogind does.
* Wed Mar 08 2000 Nalin Dahyabhai - Don\'t enable the server by default.- Compress info pages.- Add defaults for the PAM module to krb5.conf
* Mon Mar 06 2000 Nalin Dahyabhai - Correct copyright: it\'s exportable now, provided the proper paperwork is filed with the government. | |
