parent 2f9cc32597
commit 617d3a00aa
@ -1,2 +1,3 @@
|
||||
pam_krb5
|
||||
+/lib(64)?/security/pam_krb5/pam_krb5_storetmp
|
||||
supplements "packageand(pam_krb5:pam-<targettype>)"
|
||||
|
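Review bot: the `supplements "packageand(pam_krb5:pam-<targettype>)"` line has no explanation beyond the bug number in the changelog entry. Please state in that entry that the biarch pam_krb5 package is meant to be pulled in when both pam_krb5 and the matching pam-<targettype> package are installed, so the intent can be checked without looking up bnc#354164.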
@ -1,3 +1,8 @@
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 24 19:29:55 CEST 2009 - sbrabec@suse.cz
|
||||
|
||||
- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164).
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Jun 15 15:32:11 CEST 2009 - mc@suse.de
|
||||
|
||||
|
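Review bot: the new Jun 24 entry records only the baselibs.conf supplement, while the same commit also edits the `License:` tag and bumps `Release:` in pam_krb5.spec. If those spec edits come from packaging tooling that is fine, otherwise add a line for them here so the change is traceable from the changelog.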
275
pam_krb5.spec
@ -21,7 +21,7 @@
|
||||
Name: pam_krb5
|
||||
BuildRequires: krb5-client krb5-devel krb5-server openssl-devel pam-devel
|
||||
%define PAM_RELEASE 1
|
||||
License: BSD 3-Clause; LGPL v2.0 or later
|
||||
License: BSD 3-clause (or similar) ; LGPL v2.0 or later
|
||||
Group: Productivity/Networking/Security
|
||||
Provides: pam_krb
|
||||
AutoReqProv: on
|
||||
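Review bot: the `License:` line changes from `BSD 3-Clause; LGPL v2.0 or later` to `BSD 3-clause (or similar) ; LGPL v2.0 or later`, which is less precise ("or similar") and gains a stray space before the semicolon. Please confirm which BSD variant the sources actually carry and name it exactly, or keep the original string.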
@ -31,7 +31,7 @@ Obsoletes: pam_krb5-64bit
|
||||
%endif
|
||||
#
|
||||
Version: 2.3.5
|
||||
Release: 2
|
||||
Release: 3
|
||||
Summary: PAM Module for Kerberos Authentication
|
||||
Url: http://sourceforge.net/projects/pam-krb5/
|
||||
Source: pam_krb5-%{version}-%{PAM_RELEASE}.tar.bz2
|
||||
@ -96,274 +96,3 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%attr(755,root,root) /usr/bin/afs5log
|
||||
|
||||
%changelog
|
||||
* Mon Jun 15 2009 mc@suse.de
|
||||
- compile fixes for krb5 1.7
|
||||
* Mon Jun 08 2009 mc@suse.de
|
||||
- update to version 2.3.5
|
||||
* make prompting behavior for non-existent accounts and users who
|
||||
just press enter match up with those who aren't/don't (#502602,
|
||||
CVE-2009-1384)
|
||||
* Wed May 20 2009 mc@suse.de
|
||||
- update to version 2.3.4
|
||||
* don't request password-changing credentials using the same options
|
||||
we use for ticket-granting tickets
|
||||
* close a couple of open pipes to defunct processes, fix a couple
|
||||
of debug messages
|
||||
* fix ccache permissions bypass when the "existing_ticket" option is
|
||||
used (CVE-2008-3825, which affects 2.2.0-2.2.25, 2.3.0, and 2.3.1)
|
||||
- obsolete a lot of patches.
|
||||
* Thu Feb 05 2009 mc@suse.de
|
||||
- update translations
|
||||
* Mon Feb 02 2009 mc@suse.de
|
||||
- pam_sm_setcred should assume PAM_ESTABLISH_CRED
|
||||
if no flag are passed (bnc#470414)
|
||||
* Tue Jan 13 2009 olh@suse.de
|
||||
- obsolete old -XXbit packages (bnc#437293)
|
||||
* Fri Nov 21 2008 mc@suse.de
|
||||
- update translations
|
||||
* Wed Nov 05 2008 mc@suse.de
|
||||
- update translations
|
||||
* Wed Oct 29 2008 mc@suse.de
|
||||
- use the upstream fix for
|
||||
pam_krb5-2.3.1-fix-pwchange-with-use_shmem.dif
|
||||
* Tue Oct 28 2008 mc@suse.de
|
||||
- simplify switch permissions of refresh credentials
|
||||
(remove pam_krb5-2.2.11-1-refresh-drop-restore-priv.dif
|
||||
add pam_krb5-2.3.1-switch-perms-on-refresh.dif)
|
||||
* Fri Oct 24 2008 mc@suse.de
|
||||
- write new ticket into shmem after password change if requested.
|
||||
(bnc#438181)
|
||||
- update translations
|
||||
* Mon Oct 06 2008 mc@suse.de
|
||||
- fixing pam_krb5 existing_ticket permission flaw (CVE-2008-3825)
|
||||
(bnc#425861)
|
||||
* Thu Sep 04 2008 mc@suse.de
|
||||
- if the realm name given to us is NULL, don't bother consulting
|
||||
the appdefaults
|
||||
- check for the "debug" flag earlier
|
||||
* Mon Sep 01 2008 mc@suse.de
|
||||
- validate new fetched credentials
|
||||
* Fri Jun 20 2008 mc@suse.de
|
||||
- version 2.3.1
|
||||
* translations for messages!
|
||||
* added the ability to set up tokens in the rxk5 format
|
||||
* added the "token_strategy" option to control which methods we'll
|
||||
try to use for setting tokens
|
||||
* merge "null_afs" functionality from Jan Iven
|
||||
* when we're changing passwords, force at least one attempt to
|
||||
authenticate using the KDC, even in the pathological case where
|
||||
there's no previously- entered password and we were told not to ask
|
||||
for one (brc#400611)
|
||||
* Fri Jun 06 2008 mc@suse.de
|
||||
- update i18n files
|
||||
* Fri May 09 2008 mc@suse.de
|
||||
- update i18n files
|
||||
* Mon Apr 14 2008 mc@suse.de
|
||||
- update i18n files
|
||||
* Thu Apr 10 2008 ro@suse.de
|
||||
- added baselibs.conf file to build xxbit packages
|
||||
for multilib support
|
||||
* Thu Mar 13 2008 mc@suse.de
|
||||
- add i18n support
|
||||
* Mon Feb 11 2008 mc@suse.de
|
||||
- version 2.2.22
|
||||
* moved .k5login checks to a subprocess to avoid screwing with the
|
||||
parent process's tokens and PAG (fallout from #371761)
|
||||
* all options which took true/false before ("debug", "tokens", and
|
||||
so on) can now take service names
|
||||
* Wed Nov 21 2007 mc@suse.de
|
||||
- some bugfixes from upstream
|
||||
* Fri Nov 09 2007 mc@suse.de
|
||||
- version 2.2.21
|
||||
* fix permissions problems on keyring ccaches, so that users can write
|
||||
to them after we've set them up, and we can still do the cleanup
|
||||
- remove pam_krb5-2.2.20-1-copy-cache-priv-fix.dif; fix is upstream
|
||||
* Mon Nov 05 2007 mc@suse.de
|
||||
- pam_krb5-2.2.20-1-copy-cache-priv-fix.dif
|
||||
fix permissions on the ccache im not file case
|
||||
- pam_krb5-2.2.20-1-debug-log-choice.dif
|
||||
improve debug log
|
||||
* Mon Oct 29 2007 mc@suse.de
|
||||
- version 2.2.20
|
||||
* fixes for credential refreshing
|
||||
- remove obsolete patch pam_krb5-2.2.19-fix-format-error.dif
|
||||
(fix is upstream)
|
||||
* Fri Oct 26 2007 mc@suse.de
|
||||
- version 2.2.19:
|
||||
* the "keytab" option can now be used to specify a custom location
|
||||
for a given service from within krb5.conf
|
||||
* log messages are now logged with facility LOG_AUTHPRIV (or LOG_AUTH
|
||||
if LOG_AUTHPRIV is not defined) instead of the application's default
|
||||
or LOG_USER
|
||||
* added the "pkinit_identity" option to provide a way to specify
|
||||
where the user's public-key credentials are, and "pkinit_flags" to
|
||||
specify arbitrary flags for libkrb5 (Heimdal only)
|
||||
* added the "preauth_options" option to provide a way to specify
|
||||
arbitrary preauthentication options to libkrb5 (MIT only)
|
||||
* added the "ccname_template" option to provide a way to specify
|
||||
where the user's credentials should be stored, so that KEYRING:
|
||||
credential caches can be deployed at will.
|
||||
* Tue Aug 07 2007 mc@suse.de
|
||||
- version 2.2.17:
|
||||
* corrected a typo in the pam_krb5(8) man page
|
||||
* clarified that the "tokens" flag should only be needed for
|
||||
applications which are not using PAM correctly
|
||||
* don't bother using a helper for creating v4 ticket files when we're
|
||||
just getting tokens
|
||||
* clean up the debug message which we emit when we do v5->v4
|
||||
principal name conversion
|
||||
* compilation fixes
|
||||
* let default "external" and "use_shmem" settings be specified at
|
||||
compile-time
|
||||
* correctly return a "unknown user" error when attempting to change
|
||||
a password for a user who has no corresponding principal (#235020)
|
||||
* don't bother using a helper for creating ccache files, which we're
|
||||
just going to delete, when we need to get tokens
|
||||
* Mon Jul 16 2007 mc@suse.de
|
||||
- version 2.2.14
|
||||
* treat a "client revoked" error as an "unknown principal" error
|
||||
* some small bugfixes
|
||||
* Fri Jul 13 2007 mc@suse.de
|
||||
- version 2.2.13
|
||||
* make it possible to have more than one ccache (and tktfile) at
|
||||
a time to work around apps which open a session, set the
|
||||
environment, and initialize creds (when we previously created
|
||||
a ccache, removing the one which was named in the environment)
|
||||
* Mon Jul 02 2007 mc@suse.de
|
||||
- version 2.2.12
|
||||
* add a "pwhelp" option.
|
||||
* Display the KDC error to users.
|
||||
* lots of bugfixes
|
||||
* Thu Mar 15 2007 mc@suse.de
|
||||
- drop privileges in _pam_krb5_sly_maybe_refresh when
|
||||
running in set uid and restore them on exit of this
|
||||
function. This enables us to refresh the ticket
|
||||
after screen un-lock.
|
||||
[#124611]
|
||||
* Mon Sep 25 2006 mc@suse.de
|
||||
- version 2.2.11
|
||||
- remove two patches with are upstream now
|
||||
- pam_krb5-2.2.10-0-oldauthtok.dif
|
||||
- pam_krb5-2.2.10-0-testfix.dif
|
||||
- make use of --with-os-distribution
|
||||
* Thu Sep 14 2006 mc@suse.de
|
||||
- fix pam_set_item call for AUTHTOK and OLDAUTHTOK
|
||||
- fix testcase
|
||||
- if the server returns an error message during password-changing,
|
||||
let the user see it
|
||||
- add the "debug_sensitive" option, which actually logs passwords
|
||||
- add the "no_subsequent_prompt" option, to force the module to
|
||||
always answer a libkrb5 prompt with the PAM_AUTHTOK value
|
||||
* Tue Sep 12 2006 mc@suse.de
|
||||
- version 2.2.10
|
||||
* log text for server-supplied error code along with the
|
||||
failure information.
|
||||
* rework the prompting bits so that it makes more correct use of
|
||||
the initial_prompt/use_first_pass flags and correctly disables
|
||||
use of the callback for arbitrary prompts
|
||||
* give the caller a way to specify which prompter callback we
|
||||
should use.
|
||||
* track whether or not we want to let libkrb5 ask for information
|
||||
via the callbacks.
|
||||
* and more fixes
|
||||
* Thu Jul 27 2006 mc@suse.de
|
||||
- version 2.2.9
|
||||
* look for krb5/krb5.h in preference to krb5.h (new in
|
||||
MIT Kerberos 1.5)
|
||||
* if the default principal in the ccache doesn't match the
|
||||
userinfo structure, update the userinfo structure.
|
||||
* always use the name of the v5 principal when saving
|
||||
credentials, especially for the "external" case where
|
||||
it may not be the value we originally guessed
|
||||
* be more careful about other ways which our prompting
|
||||
callback can try to break us
|
||||
* go back to overwriting the template, to avoid uncontrolled
|
||||
growth in the filename.
|
||||
* build the new ccache name by appending the mkstemp template
|
||||
instead of assuming the previous file ended with one
|
||||
* and more fixes.
|
||||
- remove pam_krb5-2.2.3-1-prompter-segfault.dif it is upstream now
|
||||
* Wed Jun 28 2006 mc@suse.de
|
||||
- update to version 2.2.8
|
||||
* fix reporting of the reasons for password change failures
|
||||
* add "krb4_use_as_req" to completely disallow any attempts to get
|
||||
v4 credentials
|
||||
* do 524 conversion for the "external" cases, too
|
||||
- remove obsolete patches
|
||||
* Fri Apr 21 2006 mc@suse.de
|
||||
- fix segfault in prompter [#165972]
|
||||
* Wed Jan 25 2006 mls@suse.de
|
||||
- converted neededforbuild to BuildRequires
|
||||
* Tue Jan 17 2006 mc@suse.de
|
||||
- add two patches from upstream
|
||||
* pam_krb5-upstreamfix-password-handling.dif
|
||||
* pam_krb5-upstreamfix-testcase.dif
|
||||
- build with more then one job
|
||||
* Fri Jan 13 2006 mc@suse.de
|
||||
- set /usr/bin/afs5log executable
|
||||
* Wed Jan 11 2006 mc@suse.de
|
||||
- add -fstack-protector to CFLAGS
|
||||
* Tue Dec 20 2005 mc@suse.de
|
||||
- update to version 2.2.3
|
||||
- remove pam_krb5-2.2.0-0.5-NULL-fix.dif; patch is now upstream
|
||||
* Fri Dec 02 2005 mc@suse.de
|
||||
- update to version 2.2.2
|
||||
* don't leak the keytab file descriptor
|
||||
* actually check for AFS support first, so that the
|
||||
ioctl-only support case will work properly.
|
||||
* Mon Nov 14 2005 uli@suse.de
|
||||
- no afs_syscall on ARM
|
||||
* Mon Nov 14 2005 mc@suse.de
|
||||
- update to version 2.2.0-2
|
||||
- remove obsolete patch (debug_false is upstream now)
|
||||
* Mon Oct 10 2005 mc@suse.de
|
||||
- update to current CVS version
|
||||
- drop some patches (they are upstream now)
|
||||
- fix NULL problem
|
||||
* Wed Aug 17 2005 mc@suse.de
|
||||
- got official fix for the authtok problem
|
||||
[#104051]
|
||||
* Mon Aug 15 2005 mc@suse.de
|
||||
- fix the behavior of password changing if use_authtok
|
||||
is not present [#104051]
|
||||
* Wed Jun 29 2005 mc@suse.de
|
||||
- fix change password
|
||||
* Fri Jun 10 2005 mc@suse.de
|
||||
- set default for debug to false [#87005]
|
||||
* Thu Apr 07 2005 mc@suse.de
|
||||
- switch to version 2.2.0-0.5
|
||||
* Tue Feb 22 2005 nadvornik@suse.cz
|
||||
- fixed parsing of time values
|
||||
* Mon Feb 21 2005 mc@suse.de
|
||||
- add pam_krb5-use-krb5_afslog.dif [#51047]
|
||||
* Tue Jan 18 2005 okir@suse.de
|
||||
- updated to latest pam_krb5 snapshot from sourcforge CVS
|
||||
* Tue Jan 11 2005 ro@suse.de
|
||||
- re-added afs module (added krbafs to neededforbuild)
|
||||
* Mon Nov 22 2004 ro@suse.de
|
||||
- remove afs for the moment, mit-kerberos does not have support
|
||||
* Wed Apr 28 2004 ro@suse.de
|
||||
- added -fno-strict-aliasing
|
||||
* Fri Jan 16 2004 kukuk@suse.de
|
||||
- Add pam-devel to neededforbuild
|
||||
* Sun Jan 11 2004 adrian@suse.de
|
||||
- build as user
|
||||
* Wed Jul 16 2003 nadvornik@suse.cz
|
||||
- replaced by different implementation of pam_krb5
|
||||
- afs support
|
||||
* Fri Jun 20 2003 okir@suse.de
|
||||
- fix build problem with latest heimdal
|
||||
- another fix for passwd updates (#20284)
|
||||
* Wed Jun 18 2003 ro@suse.de
|
||||
- use kerberos-devel-packages in neededforbuild
|
||||
* Tue Apr 15 2003 ro@suse.de
|
||||
- fixed neededforbuild
|
||||
* Wed Aug 28 2002 okir@suse.de
|
||||
- Security fix (#18463): unbecome_user did not properly reassert
|
||||
original privilege, and the caller didn't check the return value.
|
||||
* Wed Jul 31 2002 okir@suse.de
|
||||
- suse_update_config now updates the right files
|
||||
* Wed Jul 24 2002 okir@suse.de
|
||||
- fixed passwd(1) support; updated README
|
||||
* Tue Jul 23 2002 okir@suse.de
|
||||
- initial packaging
|
||||
|
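Review bot: every entry under `%changelog` is deleted in this hunk, including the ones that record security fixes (CVE-2009-1384 in 2.3.5, CVE-2008-3825 in 2.3.4, and the 2002 `unbecome_user` privilege fix). Please confirm that pam_krb5.changes still carries the full history and that the build regenerates `%changelog` from it, because `rpm -q --changelog` is what administrators use to check whether a CVE fix is present in the installed package.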