rpms/pam_krb5/F-10 pam_krb5.spec,1.65,1.66 sources,1.53,1.54

Tue Jun 9 22:20:21 UTC 2009

Author: nalin

Update of /cvs/pkgs/rpms/pam_krb5/F-10
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv28368/F-10

Modified Files:
	pam_krb5.spec sources 
Log Message:
- update to 2.3.5 to fix CVE-2009-1384



Index: pam_krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/pam_krb5/F-10/pam_krb5.spec,v
retrieving revision 1.65
retrieving revision 1.66
diff -u -p -r1.65 -r1.66

--- pam_krb5.spec	1 Oct 2008 19:27:38 -0000	1.65
+++ pam_krb5.spec	9 Jun 2009 22:19:50 -0000	1.66
@@ -1,11 +1,11 @@
 Summary: A Pluggable Authentication Module for Kerberos 5.
 Name: pam_krb5
-Version: 2.3.2
+Version: 2.3.5
 Release: 1%{?dist}
 Source0: pam_krb5-%{version}-1.tar.gz
 License: BSD or LGPLv2+
 Group: System Environment/Base
-BuildPrereq: gettext
+URL: https://fedorahosted.org/pam_krb5/
 BuildPrereq: keyutils-libs-devel, krb5-devel, pam-devel
 BuildRoot: %{_tmppath}/%{name}-root
 
@@ -49,12 +49,31 @@ sed -ri -e 's|/lib(64)?/|/\$LIB/|g' $RPM
 %{_mandir}/man8/*
 %doc README* COPYING* ChangeLog NEWS
 
-# $Id$
 %changelog
+* Tue May 26 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.5-1
+- catch the case where we pass a NULL initial password into libkrb5 and
+  it uses our callback to ask us for the password for the user using a
+  principal name, and reject that (#502602)
+- always prompt for a password unless we were told not to (#502602,
+  CVE-2009-1384)
+
+* Wed Mar  4 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.4-1
+- don't request password-changing credentials with the same options that we
+  use when requesting ticket granting tickets, which might run afoul of KDC
+  policies
+
+* Thu Feb 26 2009 Fedora Release Engineering <rel-eng at lists.fedoraproject.org> - 2.3.3-2
+- Rebuilt for https://fedoraproject.org/wiki/Fedora_11_Mass_Rebuild
+
+* Fri Feb  6 2009 Nalin Dahyabhai <nalin at redhat.com> - 2.3.3-1
+- clean up a couple of debug messages
+
+* Fri Feb  6 2009 Nalin Dahyabhai <nalin at redhat.com>
+- clean up a couple of unclosed pipes to nowhere
+
 * Wed Oct  1 2008 Nalin Dahyabhai <nalin at redhat.com> - 2.3.2-1
 - fix ccache permissions bypass when the "existing_ticket" option is used
   (CVE-2008-3825)
-- add build requirement on "gettext" so that xgettext is available at build-time
 
 * Wed Aug 27 2008 Tom "spot" Callaway <tcallawa at redhat.com> - 2.3.0-2
 - fix license tag


Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/pam_krb5/F-10/sources,v
retrieving revision 1.53
retrieving revision 1.54
diff -u -p -r1.53 -r1.54
--- sources	1 Oct 2008 19:04:12 -0000	1.53
+++ sources	9 Jun 2009 22:19:50 -0000	1.54
@@ -1 +1 @@
-fe23c3d9b89d173c2c65fec18c06b133  pam_krb5-2.3.2-1.tar.gz
+24978d4b0886e6cc83baa00124937143  pam_krb5-2.3.5-1.tar.gz


