SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG
DONATE


YUM REPOSITORY

 
 
Changelog for krb5-libs-1.6.3-10.fc9.i386.rpm :
Tue Mar 18 23:00:00 2008 Nalin Dahyabhai 1.6.3-10
- add fixes from MITKRB5-SA-2008-001 for use of null or dangling pointer
when v4 compatibility is enabled on the KDC (CVE-2008-0062, CVE-2008-0063,
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
high-numbered descriptors are used (CVE-2008-0947, #433596)
- add backport bug fix for an attempt to free non-heap memory in
libgssapi_krb5 (CVE-2007-5901, #415321)
- add backport bug fix for a double-free in out-of-memory situations in
libgssapi_krb5 (CVE-2007-5971, #415351)

Tue Mar 18 23:00:00 2008 Nalin Dahyabhai 1.6.3-9
- rework file labeling patch to not depend on fragile preprocessor trickery,
in another attempt at fixing #428355 and friends

Tue Feb 26 23:00:00 2008 Nalin Dahyabhai 1.6.3-8
- ftp: add patch to fix \"runique on\" case when globbing fixes applied
- stop adding a redundant but harmless call to initialize the gssapi internals

Mon Feb 25 23:00:00 2008 Nalin Dahyabhai
- add patch to suppress double-processing of /etc/krb5.conf when we build
with --sysconfdir=/etc, thereby suppressing double-logging (#231147)

Mon Feb 25 23:00:00 2008 Nalin Dahyabhai
- remove a patch, to fix problems with interfaces which are \"up\" but which
have no address assigned, which conflicted with a different fix for the same
problem in 1.5 (#200979)

Mon Feb 25 23:00:00 2008 Nalin Dahyabhai
- ftp: don\'t lose track of a descriptor on passive get when the server fails to
open a file

Mon Feb 25 23:00:00 2008 Nalin Dahyabhai
- in login, allow PAM to interact with the user when they\'ve been strongly
authenticated
- in login, signal PAM when we\'re changing an expired password that it\'s an
expired password, so that when cracklib flags a password as being weak it\'s
treated as an error even if we\'re running as root

Mon Feb 18 23:00:00 2008 Nalin Dahyabhai 1.6.3-7
- drop netdb patch
- kdb_ldap: add patch to treat \'nsAccountLock: true\' as an indication that
the DISALLOW_ALL_TIX flag is set on an entry, for better interop with Fedora,
Netscape, Red Hat Directory Server (Simo Sorce)

Wed Feb 13 23:00:00 2008 Nalin Dahyabhai 1.6.3-6
- patch to avoid depending on to define NI_MAXHOST and NI_MAXSERV

Tue Feb 12 23:00:00 2008 Nalin Dahyabhai 1.6.3-5
- enable patch for key-expiration reporting
- enable patch to make kpasswd fall back to TCP if UDP fails (#251206)
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be found
when searching for creds

Wed Jan 2 23:00:00 2008 Nalin Dahyabhai 1.6.3-4
- some init script cleanups
- drop unquoted check and silent exit for \"$NETWORKING\" (#426852, #242502)
- krb524: don\'t barf on missing database if it looks like we\'re using kldap,
same as for kadmin
- return non-zero status for missing files which cause startup to
fail (#242502)

Tue Dec 18 23:00:00 2007 Nalin Dahyabhai 1.6.3-3
- allocate space for the nul-terminator in the local pathname when looking up
a file context, and properly free a previous context (Jose Plans, #426085)

Wed Dec 5 23:00:00 2007 Nalin Dahyabhai 1.6.3-2
- rebuild

Wed Oct 24 00:00:00 2007 Nalin Dahyabhai 1.6.3-1
- update to 1.6.3, dropping now-integrated patches for CVE-2007-3999
and CVE-2007-4000 (the new pkinit module is built conditionally and goes
into the -pkinit-openssl package, at least for now, to make a buildreq
loop with openssl avoidable)

Thu Oct 18 00:00:00 2007 Nalin Dahyabhai 1.6.2-10
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd

Sat Oct 13 00:00:00 2007 Nalin Dahyabhai
- make krb5.conf %verify(not md5 size mtime) in addition to
%config(noreplace), like /etc/nsswitch.conf (#329811)

Tue Oct 2 00:00:00 2007 Nalin Dahyabhai 1.6.2-9
- apply the fix for CVE-2007-4000 instead of the experimental patch for
setting ok-as-delegate flags

Wed Sep 12 00:00:00 2007 Nalin Dahyabhai 1.6.2-8
- move the db2 kdb plugin from -server to -libs, because a multilib libkdb
might need it

Wed Sep 12 00:00:00 2007 Nalin Dahyabhai 1.6.2-7
- also perform PAM session and credential management when ftpd accepts a
client using strong authentication, missed earlier
- also label kadmind log files and files created by the db2 plugin

Fri Sep 7 00:00:00 2007 Nalin Dahyabhai 1.6.2-6
- incorporate updated fix for CVE-2007-3999 (CVE-2007-4743)
- fix incorrect call to \"test\" in the kadmin init script (#252322,#287291)

Wed Sep 5 00:00:00 2007 Nalin Dahyabhai 1.6.2-5
- incorporate fixes for MITKRB5-SA-2007-006 (CVE-2007-3999, CVE-2007-4000)

Sun Aug 26 00:00:00 2007 Nalin Dahyabhai 1.6.2-4
- cover more cases in labeling files on creation
- add missing gawk build dependency

Fri Aug 24 00:00:00 2007 Nalin Dahyabhai 1.6.2-3
- rebuild

Fri Jul 27 00:00:00 2007 Nalin Dahyabhai 1.6.2-2
- kdc.conf: default to listening for TCP clients, too (#248415)

Fri Jul 20 00:00:00 2007 Nalin Dahyabhai 1.6.2-1
- update to 1.6.2
- add \"buildrequires: texinfo-tex\" to get texi2pdf

Thu Jun 28 00:00:00 2007 Nalin Dahyabhai 1.6.1-8
- incorporate fixes for MITKRB5-SA-2007-004 (CVE-2007-2442,CVE-2007-2443)
and MITKRB5-SA-2007-005 (CVE-2007-2798)

Tue Jun 26 00:00:00 2007 Nalin Dahyabhai 1.6.1-7
- reintroduce missing %postun for the non-split_workstation case

Tue Jun 26 00:00:00 2007 Nalin Dahyabhai 1.6.1-6
- rebuild

Tue Jun 26 00:00:00 2007 Nalin Dahyabhai 1.6.1-5.1
- rebuild

Mon Jun 25 00:00:00 2007 Nalin Dahyabhai 1.6.1-5
- add missing pam-devel build requirement, force selinux-or-fail build

Mon Jun 25 00:00:00 2007 Nalin Dahyabhai 1.6.1-4
- rebuild

Mon Jun 25 00:00:00 2007 Nalin Dahyabhai 1.6.1-3
- label all files at creation-time according to the SELinux policy (#228157)

Sat Jun 23 00:00:00 2007 Nalin Dahyabhai
- perform PAM account / session management in krshd (#182195,#195922)
- perform PAM authentication and account / session management in ftpd
- perform PAM authentication, account / session management, and password-
changing in login.krb5 (#182195,#195922)

Sat Jun 23 00:00:00 2007 Nalin Dahyabhai
- preprocess kerberos.ldif into a format FDS will like better, and include
that as a doc file as well

Sat Jun 23 00:00:00 2007 Nalin Dahyabhai
- switch man pages to being generated with the right paths in them
- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file errors
at same point that keytab routines do (#241805)

Fri May 25 00:00:00 2007 Nalin Dahyabhai 1.6.1-2
- pull patch from svn to undo unintentional chattiness in ftp
- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
better in a couple of places where they\'re expected

Thu May 24 00:00:00 2007 Nalin Dahyabhai 1.6.1-1
- update to 1.6.1
- drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216
- drop patch for sendto bug in 1.6, fixed in 1.6.1

Sat May 19 00:00:00 2007 Nalin Dahyabhai
- kadmind.init: don\'t fail outright if the default principal database
isn\'t there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
service when we try to create the keytab

Thu May 17 00:00:00 2007 Nalin Dahyabhai 1.6-6
- omit dependent libraries from the krb5-config --libs output, as using
shared libraries (no more static libraries) makes them unnecessary and
they\'re not part of the libkrb5 interface (patch by Rex Dieter, #240220)
(strips out libkeyutils, libresolv, libdl)

Sat May 5 00:00:00 2007 Nalin Dahyabhai 1.6-5
- pull in keyutils as a build requirement to get the \"KEYRING:\" ccache type,
because we\'ve merged

Sat May 5 00:00:00 2007 Nalin Dahyabhai 1.6-4
- fix an uninitialized length value which could cause a crash when parsing
key data coming from a directory server
- correct a typo in the krb5.conf man page (\"ldap_server\"->\"ldap_servers\")

Sat Apr 14 00:00:00 2007 Nalin Dahyabhai
- move the default acl_file, dict_file, and admin_keytab settings to
the part of the default/example kdc.conf where they\'ll actually have
an effect (#236417)

Fri Apr 6 00:00:00 2007 Nalin Dahyabhai 1.5-24
- merge security fixes from RHSA-2007:0095

Wed Apr 4 00:00:00 2007 Nalin Dahyabhai 1.6-3
- add patch to correct unauthorized access via krb5-aware telnet
daemon (#229782, CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind
(#231528, CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)

Thu Mar 22 23:00:00 2007 Nalin Dahyabhai
- back out buildrequires: keyutils-libs-devel for now

Thu Mar 22 23:00:00 2007 Nalin Dahyabhai 1.6-2
- add buildrequires: on keyutils-libs-devel to enable use of keyring ccaches,
dragging keyutils-libs in as a dependency

Mon Mar 19 23:00:00 2007 Nalin Dahyabhai 1.5-23
- fix bug ID in changelog

Thu Mar 15 23:00:00 2007 Nalin Dahyabhai 1.5-22

* Thu Mar 15 2007 Nalin Dahyabhai 1.5-21
- add preliminary patch to fix buffer overflow in krb5kdc and kadmind
(#231528, CVE-2007-0957)
- add preliminary patch to fix double-free in kadmind (#231537, CVE-2007-1216)

Wed Feb 28 23:00:00 2007 Nalin Dahyabhai
- add patch to build semi-useful static libraries, but don\'t apply it unless
we need them

Tue Feb 27 23:00:00 2007 Nalin Dahyabhai - 1.5-20
- temporarily back out %post changes, fix for #143289 for security update
- add preliminary patch to correct unauthorized access via krb5-aware telnet

Mon Feb 19 23:00:00 2007 Nalin Dahyabhai
- make profile.d scriptlets mode 644 instead of 755 (part of #225974)

Tue Jan 30 23:00:00 2007 Nalin Dahyabhai 1.6-1
- clean up quoting of command-line arguments passed to the krsh/krlogin
wrapper scripts

Mon Jan 22 23:00:00 2007 Nalin Dahyabhai
- initial update to 1.6, pre-package-reorg
- move workstation daemons to a new subpackage (#81836, #216356, #217301), and
make the new subpackage require xinetd (#211885)

Mon Jan 22 23:00:00 2007 Nalin Dahyabhai - 1.5-18
- make use of install-info more failsafe (Ville Skyttä, #223704)
- preserve timestamps on shell scriptlets at %install-time

Tue Jan 16 23:00:00 2007 Nalin Dahyabhai - 1.5-17
- move to using pregenerated PDF docs to cure multilib conflicts (#222721)

Fri Jan 12 23:00:00 2007 Nalin Dahyabhai - 1.5-16
- update backport of the preauth module interface (part of #194654)

Tue Jan 9 23:00:00 2007 Nalin Dahyabhai - 1.5-14
- apply fixes from Tom Yu for MITKRB5-SA-2006-002 (CVE-2006-6143) (#218456)
- apply fixes from Tom Yu for MITKRB5-SA-2006-003 (CVE-2006-6144) (#218456)

Wed Dec 20 23:00:00 2006 Nalin Dahyabhai - 1.5-12
- update backport of the preauth module interface

Mon Oct 30 23:00:00 2006 Nalin Dahyabhai
- update backport of the preauth module interface
- add proposed patches 4566, 4567
- add proposed edata reporting interface for KDC
- add temporary placeholder for module global context fixes

Tue Oct 24 00:00:00 2006 Nalin Dahyabhai - 1.5-11
- don\'t bail from the KDC init script if there\'s no database, it may be in
a different location than the default (fenlason)
- remove the [kdc] section from the default krb5.conf -- doesn\'t seem to have
been applicable for a while

Thu Oct 19 00:00:00 2006 Nalin Dahyabhai - 1.5-10
- rename krb5.sh and krb5.csh so that they don\'t overlap (#210623)
- way-late application of added error info in kadmind.init (#65853)

Thu Oct 19 00:00:00 2006 Nalin Dahyabhai - 1.5-9.pal_18695
- add backport of in-development preauth module interface (#208643)

Tue Oct 10 00:00:00 2006 Nalin Dahyabhai - 1.5-9
- provide docs in PDF format instead of as tex source (Enrico Scholz, #209943)

Thu Oct 5 00:00:00 2006 Nalin Dahyabhai - 1.5-8
- add missing shebang headers to krsh and krlogin wrapper scripts (#209238)

Thu Sep 7 00:00:00 2006 Nalin Dahyabhai - 1.5-7
- set SS_LIB at configure-time so that libss-using apps get working readline
support (#197044)

Sat Aug 19 00:00:00 2006 Nalin Dahyabhai - 1.5-6
- switch to the updated patch for MITKRB-SA-2006-001

Wed Aug 9 00:00:00 2006 Nalin Dahyabhai - 1.5-5
- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)

Tue Aug 8 00:00:00 2006 Nalin Dahyabhai - 1.5-4
- ensure that the gssapi library\'s been initialized before walking the
internal mechanism list in gss_release_oid(), needed if called from
gss_release_name() right after a gss_import_name() (#198092)

Wed Jul 26 00:00:00 2006 Nalin Dahyabhai - 1.5-3
- rebuild

Wed Jul 26 00:00:00 2006 Nalin Dahyabhai - 1.5-2
- pull up latest revision of patch to reduce lockups in rsh/rshd

Tue Jul 18 00:00:00 2006 Nalin Dahyabhai - 1.5-1.2
- rebuild

Thu Jul 13 00:00:00 2006 Jesse Keating - 1.5-1.1
- rebuild

Fri Jul 7 00:00:00 2006 Nalin Dahyabhai 1.5-1
- build

Thu Jul 6 00:00:00 2006 Nalin Dahyabhai 1.5-0
- update to 1.5

Sat Jun 24 00:00:00 2006 Nalin Dahyabhai 1.4.3-9
- mark profile.d config files noreplace (Laurent Rineau, #196447)

Fri Jun 9 00:00:00 2006 Nalin Dahyabhai 1.4.3-8
- add buildprereq for autoconf

Tue May 23 00:00:00 2006 Nalin Dahyabhai 1.4.3-7
- further munge krb5-config so that \'libdir=/usr/lib\' is given even on 64-bit
architectures, to avoid multilib conflicts; other changes will conspire to
strip out the -L flag which uses this, so it should be harmless (#192692)

Sat Apr 29 00:00:00 2006 Nalin Dahyabhai 1.4.3-6
- adjust the patch which removes the use of rpath to also produce a
krb5-config which is okay in multilib environments (#190118)
- make the name-of-the-tempfile comment which compile_et adds to error code
headers always list the same file to avoid conflicts on multilib installations
- strip SIZEOF_LONG out of krb5.h so that it doesn\'t conflict on multilib boxes
- strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn\'t conflict on mulitlib
boxes

Sat Apr 15 00:00:00 2006 Stepan Kasal 1.4.3-5
- Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch)

Fri Feb 10 23:00:00 2006 Jesse Keating 1.4.3-4.1
- bump again for double-long bug on ppc(64)

Mon Feb 6 23:00:00 2006 Nalin Dahyabhai 1.4.3-4
- give a little bit more information to the user when kinit gets the catch-all
I/O error (#180175)

Thu Jan 19 23:00:00 2006 Nalin Dahyabhai 1.4.3-3
- rebuild properly when pthread_mutexattr_setrobust_np() is defined but not
declared, such as with recent glibc when _GNU_SOURCE isn\'t being used

Thu Jan 19 23:00:00 2006 Matthias Clasen 1.4.3-2
- Use full paths in krb5.sh to avoid path lookups

Fri Dec 9 23:00:00 2005 Jesse Keating
- rebuilt

Thu Dec 1 23:00:00 2005 Nalin Dahyabhai
- login: don\'t truncate passwords before passing them into crypt(), in
case they\'re significant (#149476)

Thu Nov 17 23:00:00 2005 Nalin Dahyabhai 1.4.3-1
- update to 1.4.3
- make ksu setuid again (#137934, others)

Wed Sep 14 00:00:00 2005 Nalin Dahyabhai 1.4.2-4
- mark %{krb5prefix}/man so that files which are packaged within it are
flagged as %doc (#168163)

Wed Sep 7 00:00:00 2005 Nalin Dahyabhai 1.4.2-3
- add an xinetd configuration file for encryption-only telnetd, parallelling
the kshell/ekshell pair (#167535)

Thu Sep 1 00:00:00 2005 Nalin Dahyabhai 1.4.2-2
- change the default configured encryption type for KDC databases to the
compiled-in default of des3-hmac-sha1 (#57847)

Fri Aug 12 00:00:00 2005 Nalin Dahyabhai 1.4.2-1
- update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and
MIT-KRB5-SA-2005-003

Thu Jun 30 00:00:00 2005 Nalin Dahyabhai 1.4.1-6
- rebuild

Thu Jun 30 00:00:00 2005 Nalin Dahyabhai 1.4.1-5
- fix telnet client environment variable disclosure the same way NetKit\'s
telnet client did (CAN-2005-0488) (#159305)
- keep apps which call krb5_principal_compare() or krb5_realm_compare() with
malformed or NULL principal structures from crashing outright (Thomas Biege)
(#161475)

Wed Jun 29 00:00:00 2005 Nalin Dahyabhai
- apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175)
(#157104)
- apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755)

Sat Jun 25 00:00:00 2005 Nalin Dahyabhai 1.4.1-4
- fix double-close in keytab handling
- add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612)

Sat May 14 00:00:00 2005 Nalin Dahyabhai 1.4.1-3
- prevent spurious EBADF in krshd when stdin is closed by the client while
the command is running (#151111)

Sat May 14 00:00:00 2005 Martin Stransky 1.4.1-2
- add deadlock patch, removed old patch

Sat May 7 00:00:00 2005 Nalin Dahyabhai 1.4.1-1
- update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469
- when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig
file for the service, pass it as an argument for the -r flag

Wed Mar 23 23:00:00 2005 Nalin Dahyabhai 1.4-3
- drop krshd patch for now

Thu Mar 17 23:00:00 2005 Nalin Dahyabhai
- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)

Wed Mar 16 23:00:00 2005 Nalin Dahyabhai 1.4-2
- don\'t include into the telnet client when we\'re not using curses

Thu Feb 24 23:00:00 2005 Nalin Dahyabhai 1.4-1
- update to 1.4
- v1.4 kadmin client requires a v1.4 kadmind on the server, or use the \"-O\"
flag to specify that it should communicate with the server using the older
protocol
- new libkrb5support library
- v5passwdd and kadmind4 are gone
- versioned symbols
- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
it on to krb5kdc
- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
it on to kadmind
- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
it on to krb524d
*instead of
* \"-m\"
- set \"forwardable\" in [libdefaults] in the default krb5.conf to match the
default setting which we supply for pam_krb5
- set a default of 24h for \"ticket_lifetime\" in [libdefaults], reflecting the
compiled-in default

Mon Dec 20 23:00:00 2004 Nalin Dahyabhai 1.3.6-3
- rebuild

Mon Dec 20 23:00:00 2004 Nalin Dahyabhai 1.3.6-2
- rebuild

Mon Dec 20 23:00:00 2004 Nalin Dahyabhai 1.3.6-1
- update to 1.3.6, which includes the previous fix

Mon Dec 20 23:00:00 2004 Nalin Dahyabhai 1.3.5-8
- apply fix from Tom Yu for MITKRB5-SA-2004-004 (CAN-2004-1189)

Fri Dec 17 23:00:00 2004 Martin Stransky 1.3.5-7
- fix deadlock during file transfer via rsync/krsh
- thanks goes to James Antill for hint

Fri Nov 26 23:00:00 2004 Nalin Dahyabhai 1.3.5-6
- rebuild

Mon Nov 22 23:00:00 2004 Nalin Dahyabhai 1.3.5-3
- fix predictable-tempfile-name bug in krb5-send-pr (CAN-2004-0971, #140036)

Tue Nov 16 23:00:00 2004 Nalin Dahyabhai
- silence compiler warning in kprop by using an in-memory ccache with a fixed
name instead of an on-disk ccache with a name generated by tmpnam()

Tue Nov 16 23:00:00 2004 Nalin Dahyabhai 1.3.5-2
- fix globbing patch port mode (#139075)

Mon Nov 1 23:00:00 2004 Nalin Dahyabhai 1.3.5-1
- fix segfault in telnet due to incorrect checking of gethostbyname_r result
codes (#129059)

Sat Oct 16 00:00:00 2004 Nalin Dahyabhai
- remove rc4-hmac:norealm and rc4-hmac:onlyrealm from the default list of
supported keytypes in kdc.conf -- they produce exactly the same keys as
rc4-hmac:normal because rc4 string-to-key ignores salts
- nuke kdcrotate -- there are better ways to balance the load on KDCs, and
the SELinux policy for it would have been scary-looking
- update to 1.3.5, mainly to include MITKRB5SA 2004-002 and 2004-003

Wed Sep 1 00:00:00 2004 Nalin Dahyabhai 1.3.4-7
- rebuild

Wed Aug 25 00:00:00 2004 Nalin Dahyabhai 1.3.4-6
- rebuild

Wed Aug 25 00:00:00 2004 Nalin Dahyabhai 1.3.4-5
- incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644,
CAN-2004-0772

Tue Aug 24 00:00:00 2004 Nalin Dahyabhai 1.3.4-4
- rebuild

Tue Aug 24 00:00:00 2004 Nalin Dahyabhai 1.3.4-3
- incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772
(MITKRB5-SA-2004-002, #130732)
- incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732)

Wed Jul 28 00:00:00 2004 Nalin Dahyabhai 1.3.4-2
- fix indexing error in server sorting patch (#127336)

Wed Jun 16 00:00:00 2004 Elliot Lee
- rebuilt

Tue Jun 15 00:00:00 2004 Nalin Dahyabhai 1.3.4-0.1
- update to 1.3.4 final

Tue Jun 8 00:00:00 2004 Nalin Dahyabhai 1.3.4-0
- update to 1.3.4 beta1
- remove MITKRB5-SA-2004-001, included in 1.3.4

Tue Jun 8 00:00:00 2004 Nalin Dahyabhai 1.3.3-8
- rebuild

Sat Jun 5 00:00:00 2004 Nalin Dahyabhai 1.3.3-7
- rebuild

Sat Jun 5 00:00:00 2004 Nalin Dahyabhai 1.3.3-6
- apply updated patch from MITKRB5-SA-2004-001 (revision 2004-06-02)

Wed Jun 2 00:00:00 2004 Nalin Dahyabhai 1.3.3-5
- rebuild

Wed Jun 2 00:00:00 2004 Nalin Dahyabhai 1.3.3-4
- apply patch from MITKRB5-SA-2004-001 (#125001)

Thu May 13 00:00:00 2004 Thomas Woerner 1.3.3-3
- removed rpath

Fri Apr 16 00:00:00 2004 Nalin Dahyabhai 1.3.3-2
- re-enable large file support, fell out in 1.3-1
- patch rcp to use long long and %lld format specifiers when reporting file
sizes on large files

Wed Apr 14 00:00:00 2004 Nalin Dahyabhai 1.3.3-1
- update to 1.3.3

Wed Mar 10 23:00:00 2004 Nalin Dahyabhai 1.3.2-1
- update to 1.3.2

Mon Mar 8 23:00:00 2004 Nalin Dahyabhai 1.3.1-12
- rebuild

Tue Mar 2 23:00:00 2004 Elliot Lee 1.3.1-11.1
- rebuilt

Fri Feb 13 23:00:00 2004 Elliot Lee 1.3.1-11
- rebuilt

Mon Feb 9 23:00:00 2004 Nalin Dahyabhai 1.3.1-10
- catch krb4 send_to_kdc cases in kdc preference patch

Mon Feb 2 23:00:00 2004 Nalin Dahyabhai 1.3.1-9
- remove patch to set TERM in klogind which, combined with the upstream fix in
1.3.1, actually produces the bug now (#114762)

Mon Jan 19 23:00:00 2004 Nalin Dahyabhai 1.3.1-8
- when iterating over lists of interfaces which are \"up\" from getifaddrs(),
skip over those which have no address (#113347)

Mon Jan 12 23:00:00 2004 Nalin Dahyabhai
- prefer the kdc which last replied to a request when sending requests to kdcs

Mon Nov 24 23:00:00 2003 Nalin Dahyabhai 1.3.1-7
- fix combination of --with-netlib and --enable-dns (#82176)

Tue Nov 18 23:00:00 2003 Nalin Dahyabhai
- remove libdefault ticket_lifetime option from the default krb5.conf, it is
ignored by libkrb5

Fri Sep 26 00:00:00 2003 Nalin Dahyabhai 1.3.1-6
- fix bug in patch to make rlogind start login with a clean environment a la
netkit rlogin, spotted and fixed by Scott McClung

Wed Sep 24 00:00:00 2003 Nalin Dahyabhai 1.3.1-5
- include profile.d scriptlets in krb5-devel so that krb5-config will be in
the path if krb5-workstation isn\'t installed, reported by Kir Kolyshkin

Tue Sep 9 00:00:00 2003 Nalin Dahyabhai
- add more etypes (arcfour) to the default enctype list in kdc.conf
- don\'t apply previous patch, refused upstream

Sat Sep 6 00:00:00 2003 Nalin Dahyabhai 1.3.1-4
- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials

Thu Sep 4 00:00:00 2003 Dan Walsh 1.3.1-3
- Don\'t check for write access on /etc/krb5.conf if SELinux

Wed Aug 27 00:00:00 2003 Nalin Dahyabhai 1.3.1-2
- fixup some int/pointer varargs wackiness

Wed Aug 6 00:00:00 2003 Nalin Dahyabhai 1.3.1-1
- rebuild

Tue Aug 5 00:00:00 2003 Nalin Dahyabhai 1.3.1-0
- update to 1.3.1

Fri Jul 25 00:00:00 2003 Nalin Dahyabhai 1.3-2
- pull fix for non-compliant encoding of salt field in etype-info2 preauth
data from 1.3.1 beta 1, until 1.3.1 is released.

Tue Jul 22 00:00:00 2003 Nalin Dahyabhai 1.3-1
- update to 1.3

Tue Jul 8 00:00:00 2003 Nalin Dahyabhai 1.2.8-4
- correctly use stdargs

Thu Jun 19 00:00:00 2003 Nalin Dahyabhai 1.3-0.beta.4
- test update to 1.3 beta 4
- ditch statglue build option
- krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err

Thu Jun 5 00:00:00 2003 Elliot Lee
- rebuilt

Thu May 22 00:00:00 2003 Jeremy Katz 1.2.8-2
- gcc 3.3 doesn\'t implement varargs.h, include stdarg.h instead

Thu Apr 10 00:00:00 2003 Nalin Dahyabhai 1.2.8-1
- update to 1.2.8

Tue Apr 1 00:00:00 2003 Nalin Dahyabhai 1.2.7-14
- fix double-free of enc_part2 in krb524d

Fri Mar 21 23:00:00 2003 Nalin Dahyabhai 1.2.7-13
- update to latest patch kit for MITKRB5-SA-2003-004

Wed Mar 19 23:00:00 2003 Nalin Dahyabhai 1.2.7-12
- add patch included in MITKRB5-SA-2003-003 (CAN-2003-0028)

Mon Mar 17 23:00:00 2003 Nalin Dahyabhai 1.2.7-11
- add patches from patchkit from MITKRB5-SA-2003-004 (CAN-2003-0138 and
CAN-2003-0139)

Thu Mar 6 23:00:00 2003 Nalin Dahyabhai 1.2.7-10
- rebuild

Thu Mar 6 23:00:00 2003 Nalin Dahyabhai 1.2.7-9
- fix buffer underrun in unparsing certain principals (CAN-2003-0082)

Tue Feb 4 23:00:00 2003 Nalin Dahyabhai 1.2.7-8
- add patch to document the reject-bad-transited option in kdc.conf

Mon Feb 3 23:00:00 2003 Nalin Dahyabhai
- add patch to fix server-side crashes when principals have no
components (CAN-2003-0072)

Thu Jan 23 23:00:00 2003 Nalin Dahyabhai 1.2.7-7
- add patch from Mark Cox for exploitable bugs in ftp client

Wed Jan 22 23:00:00 2003 Tim Powers
- rebuilt

Wed Jan 15 23:00:00 2003 Nalin Dahyabhai 1.2.7-5
- use PICFLAGS when building code from the ktany patch

Thu Jan 9 23:00:00 2003 Bill Nottingham 1.2.7-4
- debloat

Tue Jan 7 23:00:00 2003 Jeremy Katz 1.2.7-3
- include .so.
* symlinks as well as .so.
*.
*

Mon Dec 9 23:00:00 2002 Jakub Jelinek 1.2.7-2
- always #include to access errno, never do it directly
- enable LFS on a bunch of other 32-bit arches

Wed Dec 4 23:00:00 2002 Nalin Dahyabhai
- increase the maximum name length allowed by kuserok() to the higher value
used in development versions

Mon Dec 2 23:00:00 2002 Nalin Dahyabhai
- install src/krb524/README as README.krb524 in the -servers package,
includes information about converting for AFS principals

Fri Nov 15 23:00:00 2002 Nalin Dahyabhai 1.2.7-1
- update to 1.2.7
- disable use of tcl

Mon Nov 11 23:00:00 2002 Nalin Dahyabhai
- update to 1.2.7-beta2 (internal only, not for release), dropping dnsparse
and kadmind4 fixes

Thu Oct 24 00:00:00 2002 Nalin Dahyabhai 1.2.6-5
- add patch for buffer overflow in kadmind4 (not used by default)

Sat Oct 12 00:00:00 2002 Nalin Dahyabhai 1.2.6-4
- drop a hunk from the dnsparse patch which is actually redundant (thanks to
Tom Yu)

Thu Oct 10 00:00:00 2002 Nalin Dahyabhai 1.2.6-3
- patch to handle truncated dns responses

Tue Oct 8 00:00:00 2002 Nalin Dahyabhai 1.2.6-2
- remove hashless key types from the default kdc.conf, they\'re not supposed to
be there, noted by Sam Hartman on krbdev

Sat Sep 28 00:00:00 2002 Nalin Dahyabhai 1.2.6-1
- update to 1.2.6

Sat Sep 14 00:00:00 2002 Nalin Dahyabhai 1.2.5-7
- use %{_lib} for the sake of multilib systems

Sat Aug 3 00:00:00 2002 Nalin Dahyabhai 1.2.5-6
- add patch from Tom Yu for exploitable bugs in rpc code used in kadmind

Wed Jul 24 00:00:00 2002 Nalin Dahyabhai 1.2.5-5
- fix bug in krb5.csh which would cause the path check to always succeed

Sat Jul 20 00:00:00 2002 Jakub Jelinek 1.2.5-4
- build even libdb.a with -fPIC and $RPM_OPT_FLAGS.

Sat Jun 22 00:00:00 2002 Tim Powers
- automated rebuild

Mon May 27 00:00:00 2002 Tim Powers
- automated rebuild

Thu May 2 00:00:00 2002 Nalin Dahyabhai 1.2.5-1
- update to 1.2.5
- disable statglue

Fri Mar 1 23:00:00 2002 Nalin Dahyabhai 1.2.4-1
- update to 1.2.4

Wed Feb 20 23:00:00 2002 Nalin Dahyabhai 1.2.3-5
- rebuild in new environment
- reenable statglue

Sat Jan 26 23:00:00 2002 Florian La Roche
- prereq chkconfig for the server subpackage

Wed Jan 16 23:00:00 2002 Nalin Dahyabhai 1.2.3-3
- build without -g3, which gives us large static libraries in -devel

Tue Jan 15 23:00:00 2002 Nalin Dahyabhai 1.2.3-2
- reintroduce ld.so.conf munging in the -libs %post

Thu Jan 10 23:00:00 2002 Nalin Dahyabhai 1.2.3-1
- rename the krb5 package back to krb5-libs; the previous rename caused
something of an uproar
- update to 1.2.3, which includes the FTP and telnetd fixes
- configure without --enable-dns-for-kdc --enable-dns-for-realm, which now set
the default behavior instead of enabling the feature (the feature is enabled
by --enable-dns, which we still use)
- reenable optimizations on Alpha
- support more encryption types in the default kdc.conf (heads-up from post
to comp.protocols.kerberos by Jason Heiss)

Sat Aug 4 00:00:00 2001 Nalin Dahyabhai 1.2.2-14
- rename the krb5-libs package to krb5 (naming a subpackage -libs when there
is no main package is silly)
- move defaults for PAM to the appdefaults section of krb5.conf -- this is
the area where the krb5_appdefault_
* functions look for settings)
- disable statglue (warning: breaks binary compatibility with previous
packages, but has to be broken at some point to work correctly with
unpatched versions built with newer versions of glibc)

Sat Aug 4 00:00:00 2001 Nalin Dahyabhai 1.2.2-13
- bump release number and rebuild

Thu Aug 2 00:00:00 2001 Nalin Dahyabhai
- add patch to fix telnetd vulnerability

Sat Jul 21 00:00:00 2001 Nalin Dahyabhai
- tweak statglue.c to fix stat/stat64 aliasing problems
- be cleaner in use of gcc to build shlibs

Thu Jul 12 00:00:00 2001 Nalin Dahyabhai
- use gcc to build shared libraries

Thu Jun 28 00:00:00 2001 Nalin Dahyabhai
- add patch to support \"ANY\" keytab type (i.e.,
\"default_keytab_name = ANY:FILE:/etc/krb5.keytab,SRVTAB:/etc/srvtab\"
patch from Gerald Britton, #42551)
- build with -D_FILE_OFFSET_BITS=64 to get large file I/O in ftpd (#30697)
- patch ftpd to use long long and %lld format specifiers to support the SIZE
command on large files (also #30697)
- don\'t use LOG_AUTH as an option value when calling openlog() in ksu (#45965)
- implement reload in krb5kdc and kadmind init scripts (#41911)
- lose the krb5server init script (not using it any more)

Mon Jun 25 00:00:00 2001 Elliot Lee
- Bump release + rebuild.

Wed May 30 00:00:00 2001 Nalin Dahyabhai
- pass some structures by address instead of on the stack in krb5kdc

Wed May 23 00:00:00 2001 Nalin Dahyabhai
- rebuild in new environment

Fri Apr 27 00:00:00 2001 Nalin Dahyabhai
- add patch from Tom Yu to fix ftpd overflows (#37731)

Thu Apr 19 00:00:00 2001 Than Ngo
- disable optimizations on the alpha again

Sat Mar 31 00:00:00 2001 Nalin Dahyabhai
- add in glue code to make sure that libkrb5 continues to provide a
weak copy of stat()

Thu Mar 15 23:00:00 2001 Nalin Dahyabhai
- build alpha with -O0 for now

Thu Mar 8 23:00:00 2001 Nalin Dahyabhai
- fix the kpropd init script

Mon Mar 5 23:00:00 2001 Nalin Dahyabhai
- update to 1.2.2, which fixes some bugs relating to empty ETYPE-INFO
- re-enable optimization on Alpha

Thu Feb 8 23:00:00 2001 Nalin Dahyabhai
- build alpha with -O0 for now
- own /var/kerberos

Tue Feb 6 23:00:00 2001 Nalin Dahyabhai
- own the directories which are created for each package (#26342)

Tue Jan 23 23:00:00 2001 Nalin Dahyabhai
- gettextize init scripts

Fri Jan 19 23:00:00 2001 Nalin Dahyabhai
- add some comments to the ksu patches for the curious
- re-enable optimization on alphas

Mon Jan 15 23:00:00 2001 Nalin Dahyabhai
- fix krb5-send-pr (#18932) and move it from -server to -workstation
- buildprereq libtermcap-devel
- temporariliy disable optimization on alphas
- gettextize init scripts

Tue Dec 5 23:00:00 2000 Nalin Dahyabhai
- force -fPIC

Fri Dec 1 23:00:00 2000 Nalin Dahyabhai
- rebuild in new environment

Tue Oct 31 23:00:00 2000 Nalin Dahyabhai
- add bison as a BuildPrereq (#20091)

Mon Oct 30 23:00:00 2000 Nalin Dahyabhai
- change /usr/dict/words to /usr/share/dict/words in default kdc.conf (#20000)

Fri Oct 6 00:00:00 2000 Nalin Dahyabhai
- apply kpasswd bug fixes from David Wragg

Thu Oct 5 00:00:00 2000 Nalin Dahyabhai
- make krb5-libs obsolete the old krb5-configs package (#18351)
- don\'t quit from the kpropd init script if there\'s no principal database so
that you can propagate the first time without running kpropd manually
- don\'t complain if /etc/ld.so.conf doesn\'t exist in the -libs %post

Wed Sep 13 00:00:00 2000 Nalin Dahyabhai
- fix credential forwarding problem in klogind (goof in KRB5CCNAME handling)
(#11588)
- fix heap corruption bug in FTP client (#14301)

Thu Aug 17 00:00:00 2000 Nalin Dahyabhai
- fix summaries and descriptions
- switched the default transfer protocol from PORT to PASV as proposed on
bugzilla (#16134), and to match the regular ftp package\'s behavior

Thu Jul 20 00:00:00 2000 Jeff Johnson
- rebuild to compress man pages.

Sun Jul 16 00:00:00 2000 Bill Nottingham
- move initscript back

Sat Jul 15 00:00:00 2000 Nalin Dahyabhai
- disable servers by default to keep linuxconf from thinking they need to be
started when they don\'t

Fri Jul 14 00:00:00 2000 Prospector
- automatic rebuild

Tue Jul 11 00:00:00 2000 Nalin Dahyabhai
- change cleanup code in post to not tickle chkconfig
- add grep as a Prereq: for -libs

Fri Jul 7 00:00:00 2000 Nalin Dahyabhai
- move condrestarts to postun
- make xinetd configs noreplace
- add descriptions to xinetd configs
- add /etc/init.d as a prereq for the -server package
- patch to properly truncate $TERM in krlogind

Sat Jul 1 00:00:00 2000 Nalin Dahyabhai
- update to 1.2.1
- back out Tom Yu\'s patch, which is a big chunk of the 1.2 -> 1.2.1 update
- start using the official source tarball instead of its contents

Fri Jun 30 00:00:00 2000 Nalin Dahyabhai
- Tom Yu\'s patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind
- pull out 6.2 options in the spec file (sonames changing in 1.2 means it\'s not
compatible with other stuff in 6.2, so no need)

Thu Jun 29 00:00:00 2000 Nalin Dahyabhai
- tweak graceful start/stop logic in post and preun

Tue Jun 27 00:00:00 2000 Nalin Dahyabhai
- update to the 1.2 release
- ditch a lot of our patches which went upstream
- enable use of DNS to look up things at build-time
- disable use of DNS to look up things at run-time in default krb5.conf
- change ownership of the convert-config-files script to root.root
- compress PS docs
- fix some typos in the kinit man page
- run condrestart in server post, and shut down in preun

Tue Jun 20 00:00:00 2000 Nalin Dahyabhai
- only remove old krb5server init script links if the init script is there

Sun Jun 18 00:00:00 2000 Nalin Dahyabhai
- disable kshell and eklogin by default

Fri Jun 16 00:00:00 2000 Nalin Dahyabhai
- patch mkdir/rmdir problem in ftpcmd.y
- add condrestart option to init script
- split the server init script into three pieces and add one for kpropd

Thu Jun 15 00:00:00 2000 Nalin Dahyabhai
- make sure workstation servers are all disabled by default
- clean up krb5server init script

Sat Jun 10 00:00:00 2000 Nalin Dahyabhai
- apply second set of buffer overflow fixes from Tom Yu
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
- work around possibly broken rev binary in running test suite
- move default realm configs from /var/kerberos to /var/kerberos

Wed Jun 7 00:00:00 2000 Nalin Dahyabhai
- make ksu and v4rcp owned by root

Sun Jun 4 00:00:00 2000 Nalin Dahyabhai
- use %{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- fix package descriptions again

Thu May 25 00:00:00 2000 Nalin Dahyabhai
- change a LINE_MAX to 1024, fix from Ken Raeburn
- add fix for login vulnerability in case anyone rebuilds without krb4 compat
- add tweaks for byte-swapping macros in krb.h, also from Ken
- add xinetd config files
- make rsh and rlogin quieter
- build with debug to fix credential forwarding
- add rsh as a build-time req because the configure scripts look for it to
determine paths

Thu May 18 00:00:00 2000 Nalin Dahyabhai
- fix config_subpackage logic

Wed May 17 00:00:00 2000 Nalin Dahyabhai
- remove setuid bit on v4rcp and ksu in case the checks previously added
don\'t close all of the problems in ksu
- apply patches from Jeffrey Schiller to fix overruns Chris Evans found
- reintroduce configs subpackage for use in the errata
- add PreReq: sh-utils

Tue May 16 00:00:00 2000 Nalin Dahyabhai
- fix double-free in the kdc (patch merged into MIT tree)
- include convert-config-files script as a documentation file

Thu May 4 00:00:00 2000 Nalin Dahyabhai
- patch ksu man page because the -C option never works
- add access() checks and disable debug mode in ksu
- modify default ksu build arguments to specify more directories in CMD_PATH
and to use getusershell()

Thu May 4 00:00:00 2000 Bill Nottingham
- fix configure stuff for ia64

Tue Apr 11 00:00:00 2000 Nalin Dahyabhai
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653)
- change Requires: for/in subpackages to include 1.6.3

Thu Apr 6 00:00:00 2000 Nalin Dahyabhai
- add man pages for kerberos(1), kvno(1), .k5login(5)
- add kvno to -workstation

Tue Apr 4 00:00:00 2000 Nalin Dahyabhai
- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as
a %config file anyway.
- Make krb5.conf a noreplace config file.

Fri Mar 31 00:00:00 2000 Nalin Dahyabhai
- Make klogind pass a clean environment to children, like NetKit\'s rlogind does.

Wed Mar 8 23:00:00 2000 Nalin Dahyabhai
- Don\'t enable the server by default.
- Compress info pages.
- Add defaults for the PAM module to krb5.conf

Mon Mar 6 23:00:00 2000 Nalin Dahyabhai
- Correct copyright: it\'s exportable now, provided the proper paperwork is
filed with the government.

Fri Mar 3 23:00:00 2000 Nalin Dahyabhai
- apply Mike Friedman\'s patch to fix format string problems
- don\'t strip off argv[0] when invoking regular rsh/rlogin

Thu Mar 2 23:00:00 2000 Nalin Dahyabhai
- run kadmin.local correctly at startup

Mon Feb 28 23:00:00 2000 Nalin Dahyabhai
- pass absolute path to kadm5.keytab if/when extracting keys at startup

Sat Feb 19 23:00:00 2000 Nalin Dahyabhai
- fix info page insertions

Wed Feb 9 23:00:00 2000 Nalin Dahyabhai
- tweak server init script to automatically extract kadm5 keys if
/var/kerberos/krb5kdc/kadm5.keytab doesn\'t exist yet
- adjust package descriptions

Thu Feb 3 23:00:00 2000 Nalin Dahyabhai
- fix for potentially gzipped man pages

Fri Jan 21 23:00:00 2000 Nalin Dahyabhai
- fix comments in krb5-configs

Fri Jan 7 23:00:00 2000 Nalin Dahyabhai
- move /usr/kerberos/bin to end of PATH

Tue Dec 28 23:00:00 1999 Nalin Dahyabhai
- install kadmin header files

Tue Dec 21 23:00:00 1999 Nalin Dahyabhai
- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h
- add installation of info docs
- remove krb4 compat patch because it doesn\'t fix workstation-side servers

Mon Dec 20 23:00:00 1999 Nalin Dahyabhai
- remove hesiod dependency at build-time

Sun Dec 19 23:00:00 1999 Nalin Dahyabhai
- rebuild on 1.1.1

Fri Oct 8 00:00:00 1999 Nalin Dahyabhai
- clean up init script for server, verify that it works [jlkatz]
- clean up rotation script so that rc likes it better
- add clean stanza

Tue Oct 5 00:00:00 1999 Nalin Dahyabhai
- backed out ncurses and makeshlib patches
- update for krb5-1.1
- add KDC rotation to rc.boot, based on ideas from Michael\'s C version

Mon Sep 27 00:00:00 1999 Nalin Dahyabhai
- added -lncurses to telnet and telnetd makefiles

Tue Jul 6 00:00:00 1999 Nalin Dahyabhai
- added krb5.csh and krb5.sh to /etc/profile.d

Wed Jun 23 00:00:00 1999 Nalin Dahyabhai
- broke out configuration files

Tue Jun 15 00:00:00 1999 Nalin Dahyabhai
- fixed server package so that it works now

Sun May 16 00:00:00 1999 Nalin Dahyabhai
- started changelog (previous package from zedz.net)
- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6
- added --force to makeinfo commands to skip errors during build