diff --git a/krb5-1.8-exp_warn.patch b/krb5-1.8-exp_warn.patch deleted file mode 100644 index dbd3966..0000000 --- a/krb5-1.8-exp_warn.patch +++ /dev/null @@ -1,20 +0,0 @@ -Don't warn of expiration reported the new way if it's more than a week from -now, for consistency with the code that handles expiration times reported the -old way. RT#6682 Discussion in RT leans toward following the code intent -of depending on the to KDC simply not include the new-style information if -it's above a configured threshold, thus leaving the timing of warnings to the -KDC administrator. - -diff -up krb5-1.8/src/lib/krb5/krb/gic_pwd.c.exp_warn krb5-1.8/src/lib/krb5/krb/gic_pwd.c ---- krb5-1.8/src/lib/krb5/krb/gic_pwd.c.exp_warn 2010-03-05 11:04:10.000000000 -0500 -+++ krb5-1.8/src/lib/krb5/krb/gic_pwd.c 2010-03-05 11:04:10.000000000 -0500 -@@ -407,7 +407,8 @@ cleanup: - delta / 86400, ts); - /* ignore an error here */ - /* PROMPTER_INVOCATION */ -- (*prompter)(context, data, 0, banner, 0, 0); -+ if (delta < 86400 * 7) -+ (*prompter)(context, data, 0, banner, 0, 0); - } - } - } diff --git a/krb5.spec b/krb5.spec index 3d4e80d..9507375 100644 --- a/krb5.spec +++ b/krb5.spec @@ -46,7 +46,6 @@ Patch63: krb5-1.8-selinux-label.patch Patch70: krb5-trunk-kpasswd_tcp2.patch Patch71: krb5-1.8-dirsrv-accountlock.patch Patch95: krb5-1.8-opte.patch -Patch96: krb5-1.8-exp_warn.patch Patch98: krb5-1.8-kpasswd_ccache.patch Patch99: krb5-trunk-kpasswd_ipv6.patch Patch100: krb5-trunk-tktlifetime.patch @@ -186,7 +185,6 @@ ln -s NOTICE LICENSE #%patch70 -p0 -b .kpasswd_tcp2 %patch71 -p1 -b .dirsrv-accountlock %patch95 -p1 -b .opte -%patch96 -p1 -b .exp_warn %patch98 -p0 -b .kpasswd-ccache %patch99 -p0 -b .kpasswd-ipv6 %patch100 -p0 -b .tktlifetime @@ -624,6 +622,11 @@ exit 0 %{_sbindir}/uuserver %changelog +* Thu Apr 8 2010 Nalin Dahyabhai +- drop patch to suppress key expiration warnings sent from the KDC in + the last-req field, as the KDC is expected to just be configured to either + send them or not as a particular key approaches expiration (#556495) + * Tue Mar 23 2010 Nalin Dahyabhai - 1.8-5 - add upstream fix for denial-of-service in SPNEGO (CVE-2010-0628, #576325) - kdc.conf: no more need to suggest keeping keys with v4-compatible salting