rpms/pam_krb5/F-9 pam_krb5.spec, 1.64, 1.65 sources, 1.51, 1.52 pam_krb5-2.3.0-ccacheperms.patch, 1.1, NONE
Nalin Dahyabhai
nalin at fedoraproject.org
Tue Jun 9 22:20:23 UTC 2009
- Previous message (by thread): rpms/pam_krb5/F-11 pam_krb5.spec,1.68,1.69 sources,1.55,1.56
- Next message (by thread): rpms/pam_krb5/devel .cvsignore, 1.55, 1.56 pam_krb5.spec, 1.68, 1.69 sources, 1.55, 1.56
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/pkgs/rpms/pam_krb5/F-9
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28368/F-9
Modified Files:
pam_krb5.spec sources
Removed Files:
pam_krb5-2.3.0-ccacheperms.patch
Log Message:
- update to 2.3.5 to fix CVE-2009-1384
Index: pam_krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_krb5/F-9/pam_krb5.spec,v
retrieving revision 1.64
retrieving revision 1.65
diff -u -p -r1.64 -r1.65
--- pam_krb5.spec 1 Oct 2008 19:01:05 -0000 1.64
+++ pam_krb5.spec 9 Jun 2009 22:19:51 -0000 1.65
@@ -1,13 +1,12 @@
Summary: A Pluggable Authentication Module for Kerberos 5.
Name: pam_krb5
-Version: 2.3.0
-Release: 2%{?dist}
+Version: 2.3.5
+Release: 1%{?dist}
Source0: pam_krb5-%{version}-1.tar.gz
-Patch0: pam_krb5-2.3.0-ccacheperms.patch
-License: BSD or LGPL+
+License: BSD or LGPLv2+
Group: System Environment/Base
+URL: https://fedorahosted.org/pam_krb5/
BuildPrereq: keyutils-libs-devel, krb5-devel, pam-devel
-BuildPrereq: autoconf, automake, libtool
BuildRoot: %{_tmppath}/%{name}-root
%description
@@ -18,8 +17,6 @@ The included pam_krb5afs module also get
%prep
%setup -q -n pam_krb5-%{version}-1
-%patch0 -p1 -b .ccacheperms
-autoreconf -i
%build
CFLAGS="$RPM_OPT_FLAGS -fPIC"; export CFLAGS
@@ -36,10 +33,12 @@ rm -f $RPM_BUILD_ROOT/%{_lib}/security/*
# Make the paths jive to avoid conflicts on multilib systems.
sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM_BUILD_ROOT/%{_mandir}/man*/pam_krb5*.8*
+%find_lang %{name}
+
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -fr $RPM_BUILD_ROOT
-%files
+%files -f %{name}.lang
%defattr(-,root,root)
%{_bindir}/*
/%{_lib}/security/pam_krb5.so
@@ -50,12 +49,39 @@ sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM
%{_mandir}/man8/*
%doc README* COPYING* ChangeLog NEWS
-# $Id$
%changelog
-* Wed Oct 1 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.0-2
+* Tue May 26 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.5-1
+- catch the case where we pass a NULL initial password into libkrb5 and
+ it uses our callback to ask us for the password for the user using a
+ principal name, and reject that (#502602)
+- always prompt for a password unless we were told not to (#502602,
+ CVE-2009-1384)
+
+* Wed Mar 4 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.4-1
+- don't request password-changing credentials with the same options that we
+ use when requesting ticket granting tickets, which might run afoul of KDC
+ policies
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb 6 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.3-1
+- clean up a couple of debug messages
+
+* Fri Feb 6 2009 Nalin Dahyabhai <nalin at redhat.com>
+- clean up a couple of unclosed pipes to nowhere
+
+* Wed Oct 1 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.2-1
- fix ccache permissions bypass when the "existing_ticket" option is used
(CVE-2008-3825)
+* Wed Aug 27 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 2.3.0-2
+- fix license tag
+
+* Wed Apr 9 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.1-1
+- don't bother trying to set up a temporary v4 ticket file during session open
+ unless we obtained v4 creds somewhere
+
* Mon Mar 10 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.0-1
- add a "null_afs" option
- add a "token_strategy" option
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pam_krb5/F-9/sources,v
retrieving revision 1.51
retrieving revision 1.52
diff -u -p -r1.51 -r1.52
--- sources 10 Mar 2008 21:40:31 -0000 1.51
+++ sources 9 Jun 2009 22:19:51 -0000 1.52
@@ -1 +1 @@
-83cdefd14a8104c7c1b8960267882912 pam_krb5-2.3.0-1.tar.gz
+24978d4b0886e6cc83baa00124937143 pam_krb5-2.3.5-1.tar.gz
--- pam_krb5-2.3.0-ccacheperms.patch DELETED ---
- Previous message (by thread): rpms/pam_krb5/F-11 pam_krb5.spec,1.68,1.69 sources,1.55,1.56
- Next message (by thread): rpms/pam_krb5/devel .cvsignore, 1.55, 1.56 pam_krb5.spec, 1.68, 1.69 sources, 1.55, 1.56
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list