- when testing the RPC library, treat denials from the local portmapper the
same as a portmapper-not-running situation, to allow other library tests
to be run while building the package
- create and own /var/kerberos/krb5/user instead of /var/kerberos/kdc/user,
since that's what the libraries actually look for
- add buildrequires on nss-myhostname, in an attempt to get more of the tests
to run properly during builds
- go back to using reconf to run autoconf and autoheader (part of #925640)
- add temporary patch to use newer config.guess/config.sub (more of #925640)
drop the kerberos-iv portreserve file (long overdue), and drop the rest
on systemd systems, since we don't currently poke portreserve when we're
starting a service
- update to the 1.11 final release
- drop the rawbuild tag from a couple of patches which we don't actually
need to apply to get things to compile the way the package expects
- handle releases where texlive packaging wasn't yet as complicated as it
is in Fedora 18
- fix an uninitialized-variable error building one of the test programs
- move the rather large pile of html and pdf docs to -workstation, so
that just having something that links to the libraries won't drag
them onto a system
- actually create %%{_var}/kerberos/kdc/user, so that it can be packaged
- correct the list of packaged man pages
- drop backported patches to make keytab-based authentication attempts
work better when the client tells the KDC that it supports a particular
cipher, but doesn't have a key for it in the keytab
- drop backported fix for teaching PKINIT clients which trust the KDC's
certificate directly to verify signed-data messages that are signed with
the KDC's certificate, when the blobs don't include a copy of the KDC's
certificate
- add a backport of more patches to set the client's list of supported enctypes
when using a keytab to be the list of types of keys in the keytab, plus the
list of other types the client supports but for which it doesn't have keys,
in that order, so that KDCs have a better chance of being able to issue
tickets with session keys of types that the client can use (#837855)
- pull up patch for RT#7063, in which not noticing a prompt for a long
time throws the client library's idea of the time difference between it
and the KDC really far out of whack (#773496)
- undo rename from krb5-pkinit-openssl to krb5-pkinit on EL6
- version the Obsoletes: on the krb5-pkinit-openssl to krb5-pkinit rename
- reintroduce the init scripts for non-systemd releases
- forward-port %%{_?rawbuild} annotations from EL6 packaging
- selinux: hang on to the list of selinux contexts, freeing and reloading
it only when the file we read it from is modified, freeing it when the
shared library is being unloaded (#845125)
- go back to not messing with library file paths on Fedora 17: it breaks
file path dependencies in other packages, and since Fedora 17 is already
released, breaking that is our fault
- add upstream patch to fix freeing an uninitialized pointer and dereferencing
another uninitialized pointer in the KDC (MITKRB5-SA-2012-001, CVE-2012-1014
and CVE-2012-1015, #838012)
- fix a thinko in whether or not we mess around with devel .so symlinks on
systems without a separate /usr (sbose)
- backport a fix to allow a PKINIT client to handle SignedData from a KDC
that's signed with a certificate that isn't in the SignedData, but which
is available as an anchor or intermediate on the client (RT#7183)
- back out this labeling change (dwalsh):
- when building the new label for a file we're about to create, also mix
in the current range, in addition to the current user
- add explicit buildrequires: on 'hostname', for the tests, on systems where
it's in its own package, and require net-tools, which used to provide the
command, everywhere
- add a backport of Stef's patch to set the client's list of supported
enctypes to match the types of keys that we have when we are using a
keytab to try to get initial credentials, so that a KDC won't send us
an AS reply that we can't encrypt (RT#2131, #748528)
- when building the new label for a file we're about to create, also mix
in the current range, in addition to the current user
- also package the PDF format admin, user, and install guides
- drop some PDFs that no longer get built right
- kadmin.service,krb5kdc.service: remove optional use of $KRB5REALM in command
lines, because systemd parsing doesn't handle alternate value shell variable
syntax
- kprop.service: add missing Type=forking so that systemd doesn't assume simple
- kprop.service: expect the ACL configuration to be there, not absent
during krb5_sname_to_principal(), and to let getaddrinfo() decide whether or
not to ask for an IPv6 address based on the set of configured interfaces
(RT#6922)
DES string2key not working (#679012)
- add revised upstream patch to fix double-free in KDC while returning
typed-data with errors (CVE-2011-0284, #674325)
child process exits with an error (MITKRB5-SA-2011-001), a hang or crash
in the KDC when using the LDAP kdb backend, and an uninitialized pointer
use in the KDC (MITKRB5-SA-2011-002) (CVE-2010-4022, #664009,
CVE-2011-0281, #668719, CVE-2011-0282, #668726, CVE-2011-0283, #670567)
- no longer need patches for #555875, #561174, #563431, RT#6661,
CVE-2010-0628
- replace buildrequires on tetex-latex with one on texlive-latex, which is
the package that provides it now
- temporarily bundling the krb5-appl package (split upstream as of 1.8)
until its package review is complete
- profile.d scriptlets are now only needed by -workstation-clients
- adjust paths in init scripts
- drop upstreamed fix for KDC denial of service (CVE-2010-0283)
- drop patch to check the user's password correctly using crypt(), which
isn't a code path we hit when we're using PAM
would happen if ftpd was given the name of a user who wasn't known to
the local system, limited to being triggerable by gssapi-authenticated
clients by the default xinetd config (Olivier Fourdan, #569472)
- scrub out references to $RPM_SOURCE_DIR (jdennis)
- include a symlink to the readme with the name LICENSE so that people can
find it more easily (jdennis)
- don't trip AD lockout on wrong password (#542687, #554351)
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
the devel subpackage, better lining up with the expected krb5/krb5-appl
split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
already depends on -workstation which also includes them
than seven days away when the KDC reports it via the last-req field,
just as we already do when it reports expiration via the key-expiration
field (#556495)
- link with libtinfo rather than libncurses, when we can, in future RHEL
port, kpropd can always bind to the krb5_prop port, and that kadmind
can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
function in the kadmind and kpropd init scripts, so that we get the
right error when we're dead but have a lock file - requires initscripts
8.99 (#521772)
- add patches for read overflow and null pointer dereference in the
implementation of the SPNEGO mechanism (CVE-2009-0844, CVE-2009-0845)
- add patch for attempt to free uninitialized pointer in libkrb5
(CVE-2009-0846)
- add patch to fix length validation bug in libkrb5 (CVE-2009-0847)
when v4 compatibility is enabled on the KDC (CVE-2008-0062,
CVE-2008-0063, #432620, #432621)
- add fixes from MITKRB5-SA-2008-002 for array out-of-bounds accesses when
high-numbered descriptors are used (CVE-2008-0947, #433596)
- add backport bug fix for an attempt to free non-heap memory in
libgssapi_krb5 (CVE-2007-5901, #415321)
- add backport bug fix for a double-free in out-of-memory situations in
libgssapi_krb5 (CVE-2007-5971, #415351)
authenticated
- in login, signal PAM when we're changing an expired password that it's an
expired password, so that when cracklib flags a password as being weak
it's treated as an error even if we're running as root
- kdb_ldap: add patch to treat 'nsAccountLock: true' as an indication that
the DISALLOW_ALL_TIX flag is set on an entry, for better interop with
Fedora, Netscape, Red Hat Directory Server (Simo Sorce)
- enable patch to make kpasswd fall back to TCP if UDP fails
- enable patch to make kpasswd use the right sequence number on retransmit
- enable patch to allow mech-specific creds delegated under spnego to be
found when searching for creds
- drop unquoted check and silent exit for "$NETWORKING" (#426852, #242500)
- krb524: don't barf on missing database if it looks like we're using
kldap, same as for kadmin
- return non-zero status for missing files which cause startup to fail
CVE-2007-4000 (the new pkinit module is built conditionally and goes
into the -pkinit-openssl package, at least for now, to make a buildreq
loop with openssl avoidable)
- drop old, incomplete SELinux patch
- add patch from Greg Hudson to make srvtab routines report missing-file
errors at same point that keytab routines do (#241805)
there if it looks like we might be using the kldap plugin
- kadmind.init: attempt to extract the key for the host-specific kadmin
service when we try to create the keytab
shared libraries (no more static libraries) makes them unnecessary and
they're not part of the libkrb5 interface (patch by Rex Dieter,
#240220) (strips out libkeyutils, libresolv, libdl)
(#229782, CVE-2007-0956)
- add patch to fix buffer overflow in krb5kdc and kadmind (#231528,
CVE-2007-0957)
- add patch to fix double-free in kadmind (#231537, CVE-2007-1216)
- move workstation daemons to a new subpackage (#81836, #216356, #217301),
and make the new subpackage require xinetd (#211885)
We don't get static libraries any more. Holding off on build until
verification that this doesn't kill other things, or until we get them
building in a semi-useful way.
- first cut at making RPM scriptlets failproof for install-info
- pull up pre-generated PDF docs so that we don't have multiarch
differences due to document IDs, timestamps, and compressed data,
- pull up the script to make sure that the PDF matches its source to guard
against the package maintainer forgetting to update when we move to a
new release
a different location than the default (fenlason)
- remove the [kdc] section from the default krb5.conf -- doesn't seem to
have been applicable for a while
64-bit architectures, to avoid multilib conflicts; other changes will
conspire to strip out the -L flag which uses this, so it should be
harmless (#192692)
krb5-config which is okay in multilib environments (#190118)
- make the name-of-the-tempfile comment which compile_et adds to error code
headers always list the same file to avoid conflicts on multilib
installations
- strip SIZEOF_LONG out of krb5.h so that it doesn't conflict on multilib
boxes
- strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn't conflict on
mulitlib boxes
(CAN-2005-0469)
- add draft fix from Tom Yu for env_opt_add() buffer overflow
(CAN-2005-0468)
will need to re-roll if the draft fix isn't the same as the final one *
- v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O"
flag to specify that it should communicate with the server using the
older protocol
- new libkrb5support library
- v5passwdd and kadmind4 are gone
- versioned symbols
- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
it on to krb5kdc
- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
it on to kadmind
- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
it on to krb524d *instead of* "-m"
- set "forwardable" in [libdefaults] in the default krb5.conf to match the
default setting which we supply for pam_krb5
- set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting
the compiled-in default
#140036)
- silence compiler warning in kprop by using an in-memory ccache with a
fixed name instead of an on-disk ccache with a name generated by
tmpnam()
Wed May 12 2004 Thomas Woerner <twoerner@redhat.com> 1.3.3-3
- removed rpath
Thu Apr 15 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-2
- re-enable large file support, fell out in 1.3-1
- patch rcp to use long long and %lld format specifiers when reporting file
sizes on large files
Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.2-1
- update to 1.3.2
Mon Mar 08 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-12
- rebuild
Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> 1.3.1-11.1
- rebuilt
Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> 1.3.1-11
- rebuilt
Mon Feb 09 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-10
- catch krb4 send_to_kdc cases in kdc preference patch
Mon Feb 02 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-9
- remove patch to set TERM in klogind which, combined with the upstream fix
in
1.3.1, actually produces the bug now (#114762)
Mon Jan 19 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-8
- when iterating over lists of interfaces which are "up" from getifaddrs(),
skip over those which have no address (#113347)
Mon Jan 12 2004 Nalin Dahyabhai <nalin@redhat.com>
- prefer the kdc which last replied to a request when sending requests to
kdcs
Mon Nov 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-7
- fix combination of --with-netlib and --enable-dns
Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
- remove libdefault ticket_lifetime option from the default krb5.conf, it
is ignored by libkrb5
Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-6
- fix bug in patch to make rlogind start login with a clean environment a
la netkit rlogin, spotted and fixed by Scott McClung
Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-5
- include profile.d scriptlets in krb5-devel so that krb5-config will be in
the path, reported by Kir Kolyshkin
Mon Sep 08 2003 Nalin Dahyabhai <nalin@redhat.com>
- add more etypes (arcfour) to the default enctype list in kdc.conf
- don't apply previous patch, refused upstream
Fri Sep 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-4
- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials
Wed Sep 03 2003 Dan Walsh <dwalsh@redhat.com> 1.3.1-3
- Don't check for write access on /etc/krb5.conf if SELinux
Tue Aug 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-2
- fixup some int/pointer varargs wackiness
Tue Aug 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-1
- rebuild
Mon Aug 04 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-0
- update to 1.3.1
Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-2
- pull fix for non-compliant encoding of salt field in etype-info2 preauth
data from 1.3.1 beta 1, until 1.3.1 is released.
Mon Jul 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-1
- update to 1.3
Mon Jul 07 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-4
- correctly use stdargs
Wed Jun 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-0.beta.4
- test update to 1.3 beta 4
- ditch statglue build option
- krb5-devel requires e2fsprogs-devel, which now provides libss and
libcom_err
Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
- rebuilt
Wed May 21 2003 Jeremy Katz <katzj@redhat.com> 1.2.8-2
- gcc 3.3 doesn't implement varargs.h, include stdarg.h instead
Wed Apr 09 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-1
- update to 1.2.8
Fri Mar 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-24
- fix double-free of enc_part2 in krb524d
- update to latest patch kit for MITKRB5-SA-2003-004
Thu Mar 20 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-23
- make the default kdc.conf list the same enctypes we use for 1.2.7
Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-22
- add patch included in MITKRB5-SA-2003-003 (CAN-2003-0028)
Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-21
- add patches from patchkit from MITKRB5-SA-2003-004 (CAN-2003-0138 and
CAN-2003-0139)
Thu Mar 06 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-20
- fix buffer underrun in unparsing certain principals (CAN-2003-0082)
Wed Feb 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-19
- add patch to fix server-side crashes when principals have no components
(CAN-2003-0072)
Mon Feb 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-18
- add patch from Matt Crawford for encoding transited realms properly
Wed Feb 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-17
- sync compiler flags for configure and make with other versions
Tue Feb 04 2003 Nalin Dahyabhai <nalin@redhat.com>
- add patch to document the reject-bad-transited option in kdc.conf
- add backported symbol namespacing fix from 1.2.3 to clear up clashes with
glib
- add backported fix for hangs in kadmin client when principal contains an
escaped @ symbol
Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- add candidate backports for CAN-2002-0036, CAN-2002-058, CAN-2002-059
(CAN-2002-060 was fixed in 1.1.1-7 or so)
Thu Jan 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-16
- add patch from Mark Cox for exploitable bugs in ftp client
- add patch to avoid buffer read overruns when configuring via DNS
- add patch to properly include <errno.h>
Wed Oct 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-15
- add patch from Tom Yu for exploitable bugs in kadmind4
- remove raw keys from the default kdc.conf
Fri Jul 20 2001 Nalin Dahyabhai <nalin@redhat.com>
- tweak statglue.c to fix stat/stat64 aliasing problems
- be cleaner in use of gcc to build shlibs
Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
- use gcc to build shared libraries
Wed Jun 27 2001 Nalin Dahyabhai <nalin@redhat.com>
- add patch to support "ANY" keytab type (i.e., "default_keytab_name =
ANY:FILE:/etc/krb5.keytab,SRVTAB:/etc/srvtab" patch from Gerald
Britton, #42551)
- build with -D_FILE_OFFSET_BITS=64 to get large file I/O in ftpd (#30697)
- patch ftpd to use long long and %lld format specifiers to support the
SIZE command on large files (also #30697)
- don't use LOG_AUTH as an option value when calling openlog() in ksu
(#45965)
- implement reload in krb5kdc and kadmind init scripts (#41911)
- lose the krb5server init script (not using it any more)
Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com>
- Bump release + rebuild.
Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
- pass some structures by address instead of on the stack in krb5kdc
Tue May 22 2001 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
- add patch from Tom Yu to fix ftpd overflows
Wed Apr 18 2001 Than Ngo <than@redhat.com>
- disable optimizations on the alpha again
Fri Mar 30 2001 Nalin Dahyabhai <nalin@redhat.com>
- add in glue code to make sure that libkrb5 continues to provide a weak
copy of stat()
Thu Mar 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- build alpha with -O0 for now
Thu Mar 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix the kpropd init script
Mon Mar 05 2001 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.2.2, which fixes some bugs relating to empty ETYPE-INFO
- re-enable optimization on Alpha
Thu Feb 08 2001 Nalin Dahyabhai <nalin@redhat.com>
- build alpha with -O0 for now
- own /var/kerberos
Tue Feb 06 2001 Nalin Dahyabhai <nalin@redhat.com>
- own the directories which are created for each package (#26342)
Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
- gettextize init scripts
Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
- add some comments to the ksu patches for the curious
- re-enable optimization on alphas
Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
- fix krb5-send-pr (#18932) and move it from -server to -workstation
- buildprereq libtermcap-devel
- temporariliy disable optimization on alphas
- gettextize init scripts
Tue Dec 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- force -fPIC
Fri Dec 01 2000 Nalin Dahyabhai <nalin@redhat.com>
- rebuild in new environment
Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
- add bison as a BuildPrereq (#20091)
Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- change /usr/dict/words to /usr/share/dict/words in default kdc.conf
(#20000)
Thu Oct 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- apply kpasswd bug fixes from David Wragg
Wed Oct 04 2000 Nalin Dahyabhai <nalin@redhat.com>
- make krb5-libs obsolete the old krb5-configs package (#18351)
- don't quit from the kpropd init script if there's no principal database
so that you can propagate the first time without running kpropd
manually
- don't complain if /etc/ld.so.conf doesn't exist in the -libs %post
Tue Sep 12 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix credential forwarding problem in klogind (goof in KRB5CCNAME
handling) (#11588)
- fix heap corruption bug in FTP client (#14301)
Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix summaries and descriptions
- switched the default transfer protocol from PORT to PASV as proposed on
bugzilla (#16134), and to match the regular ftp package's behavior
Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com>
- rebuild to compress man pages.
Sat Jul 15 2000 Bill Nottingham <notting@redhat.com>
- move initscript back
Fri Jul 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable servers by default to keep linuxconf from thinking they need to
be started when they don't
Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
- automatic rebuild
Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- change cleanup code in post to not tickle chkconfig
- add grep as a Prereq: for -libs
Thu Jul 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- move condrestarts to postun
- make xinetd configs noreplace
- add descriptions to xinetd configs
- add /etc/init.d as a prereq for the -server package
- patch to properly truncate $TERM in krlogind
Fri Jun 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.2.1
- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update
- start using the official source tarball instead of its contents
Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind
- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's
not compatible with other stuff in 6.2, so no need)
Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak graceful start/stop logic in post and preun
Mon Jun 26 2000 Nalin Dahyabhai <nalin@redhat.com>
- update to the 1.2 release
- ditch a lot of our patches which went upstream
- enable use of DNS to look up things at build-time
- disable use of DNS to look up things at run-time in default krb5.conf
- change ownership of the convert-config-files script to root.root
- compress PS docs
- fix some typos in the kinit man page
- run condrestart in server post, and shut down in preun
Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- only remove old krb5server init script links if the init script is there
Sat Jun 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- disable kshell and eklogin by default
Thu Jun 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch mkdir/rmdir problem in ftpcmd.y
- add condrestart option to init script
- split the server init script into three pieces and add one for kpropd
Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com>
- make sure workstation servers are all disabled by default
- clean up krb5server init script
Fri Jun 09 2000 Nalin Dahyabhai <nalin@redhat.com>
- apply second set of buffer overflow fixes from Tom Yu
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
- work around possibly broken rev binary in running test suite
- move default realm configs from /var/kerberos to /var/kerberos
Tue Jun 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- make ksu and v4rcp owned by root
Sat Jun 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- use %{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- fix package descriptions again
Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
- change a LINE_MAX to 1024, fix from Ken Raeburn
- add fix for login vulnerability in case anyone rebuilds without krb4
compat
- add tweaks for byte-swapping macros in krb.h, also from Ken
- add xinetd config files
- make rsh and rlogin quieter
- build with debug to fix credential forwarding
- add rsh as a build-time req because the configure scripts look for it to
determine paths
Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix config_subpackage logic
Tue May 16 2000 Nalin Dahyabhai <nalin@redhat.com>
- remove setuid bit on v4rcp and ksu
- apply patches from Jeffrey Schiller to fix overruns Chris Evans found
- reintroduce configs subpackage for use in the errata
- add PreReq: sh-utils
Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix double-free in the kdc (patch merged into MIT tree)
- include convert-config-files script as a documentation file
Wed May 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- patch ksu man page because the -C option never works
- add access() checks and disable debug mode in ksu
- modify default ksu build arguments to specify more directories in
CMD_PATH and to use getusershell()
Wed May 03 2000 Bill Nottingham <notting@redhat.com>
- fix configure stuff for ia64
Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug
#10653)
- change Requires: for/in subpackages to include 1.2.1
Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
- add man pages for kerberos(1), kvno(1), .k5login(5)
- add kvno to -workstation
Mon Apr 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as a
%config file anyway.
- Make krb5.conf a noreplace config file.
Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com>
- Make klogind pass a clean environment to children, like NetKit's rlogind
does.
Wed Mar 08 2000 Nalin Dahyabhai <nalin@redhat.com>
- Don't enable the server by default.
- Compress info pages.
- Add defaults for the PAM module to krb5.conf
Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com>
- Correct copyright: it's exportable now, provided the proper paperwork is
filed with the government.
Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- apply Mike Friedman's patch to fix format string problems
- don't strip off argv[0] when invoking regular rsh/rlogin
Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com>
- run kadmin.local correctly at startup
Mon Feb 28 2000 Nalin Dahyabhai <nalin@redhat.com>
- pass absolute path to kadm5.keytab if/when extracting keys at startup
Sat Feb 19 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix info page insertions
Wed Feb 09 2000 Nalin Dahyabhai <nalin@redhat.com>
- tweak server init script to automatically extract kadm5 keys if
/var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet
- adjust package descriptions
Thu Feb 03 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix for potentially gzipped man pages
Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com>
- fix comments in krb5-configs
Fri Jan 07 2000 Nalin Dahyabhai <nalin@redhat.com>
- move /usr/kerberos/bin to end of PATH
Tue Dec 28 1999 Nalin Dahyabhai <nalin@redhat.com>
- install kadmin header files
Tue Dec 21 1999 Nalin Dahyabhai <nalin@redhat.com>
- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h
- add installation of info docs
- remove krb4 compat patch because it doesn't fix workstation-side servers
Mon Dec 20 1999 Nalin Dahyabhai <nalin@redhat.com>
- remove hesiod dependency at build-time
Sun Dec 19 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- rebuild on 1.1.1
Thu Oct 07 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- clean up init script for server, verify that it works [jlkatz]
- clean up rotation script so that rc likes it better
- add clean stanza
Mon Oct 04 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- backed out ncurses and makeshlib patches
- update for krb5-1.1
- add KDC rotation to rc.boot, based on ideas from Michael's C version
Sun Sep 26 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- added -lncurses to telnet and telnetd makefiles
Mon Jul 05 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- added krb5.csh and krb5.sh to /etc/profile.d
Tue Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- broke out configuration files
Mon Jun 14 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- fixed server package so that it works now
Sat May 15 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
- started changelog
- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6
- added --force to makeinfo commands to skip errors during build
