rpms/pam_krb5/F-9 pam_krb5.spec, 1.64, 1.65 sources, 1.51, 1.52 pam_krb5-2.3.0-ccacheperms.patch, 1.1, NONE

Tue Jun 9 22:20:23 UTC 2009

Author: nalin

Update of /cvs/pkgs/rpms/pam_krb5/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28368/F-9

Modified Files:
	pam_krb5.spec sources 
Removed Files:
	pam_krb5-2.3.0-ccacheperms.patch 
Log Message:
- update to 2.3.5 to fix CVE-2009-1384



Index: pam_krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_krb5/F-9/pam_krb5.spec,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -p -r1.64 -r1.65

--- pam_krb5.spec	1 Oct 2008 19:01:05 -0000	1.64
+++ pam_krb5.spec	9 Jun 2009 22:19:51 -0000	1.65
@@ -1,13 +1,12 @@
 Summary: A Pluggable Authentication Module for Kerberos 5.
 Name: pam_krb5
-Version: 2.3.0
-Release: 2%{?dist}
+Version: 2.3.5
+Release: 1%{?dist}
 Source0: pam_krb5-%{version}-1.tar.gz
-Patch0: pam_krb5-2.3.0-ccacheperms.patch
-License: BSD or LGPL+
+License: BSD or LGPLv2+
 Group: System Environment/Base
+URL: https://fedorahosted.org/pam_krb5/
 BuildPrereq: keyutils-libs-devel, krb5-devel, pam-devel
-BuildPrereq: autoconf, automake, libtool
 BuildRoot: %{_tmppath}/%{name}-root
 
 %description 
@@ -18,8 +17,6 @@ The included pam_krb5afs module also get
 
 %prep
 %setup -q -n pam_krb5-%{version}-1
-%patch0 -p1 -b .ccacheperms
-autoreconf -i
 
 %build
 CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS
@@ -36,10 +33,12 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/security/*
 # Make the paths jive to avoid conflicts on multilib systems.
 sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM_BUILD_ROOT/%{_mandir}/man*/pam_krb5*.8*
 
+%find_lang %{name}
+
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT
 
-%files
+%files -f %{name}.lang
 %defattr(-,root,root)
 %{_bindir}/*
 /%{_lib}/security/pam_krb5.so
@@ -50,12 +49,39 @@ sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM
 %{_mandir}/man8/*
 %doc README* COPYING* ChangeLog NEWS
 
-# $Id$
 %changelog
-* Wed Oct  1 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.0-2
+* Tue May 26 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.5-1
+- catch the case where we pass a NULL initial password into libkrb5 and
+  it uses our callback to ask us for the password for the user using a
+  principal name, and reject that (#502602)
+- always prompt for a password unless we were told not to (#502602,
+  CVE-2009-1384)
+
+* Wed Mar  4 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.4-1
+- don't request password-changing credentials with the same options that we
+  use when requesting ticket granting tickets, which might run afoul of KDC
+  policies
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb  6 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.3-1
+- clean up a couple of debug messages
+
+* Fri Feb  6 2009 Nalin Dahyabhai <nalin at redhat.com>
+- clean up a couple of unclosed pipes to nowhere
+
+* Wed Oct  1 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.2-1
 - fix ccache permissions bypass when the "existing_ticket" option is used
   (CVE-2008-3825)
 
+* Wed Aug 27 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 2.3.0-2
+- fix license tag
+
+* Wed Apr  9 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.1-1
+- don't bother trying to set up a temporary v4 ticket file during session open
+  unless we obtained v4 creds somewhere
+
 * Mon Mar 10 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.0-1
 - add a "null_afs" option
 - add a "token_strategy" option


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pam_krb5/F-9/sources,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- sources	10 Mar 2008 21:40:31 -0000	1.51
+++ sources	9 Jun 2009 22:19:51 -0000	1.52
@@ -1 +1 @@
-83cdefd14a8104c7c1b8960267882912  pam_krb5-2.3.0-1.tar.gz
+24978d4b0886e6cc83baa00124937143  pam_krb5-2.3.5-1.tar.gz


--- pam_krb5-2.3.0-ccacheperms.patch DELETED ---


