diff options
| author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-04-08 19:14:12 +0000 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-04-08 19:14:12 +0000 |
| commit | f584944fe770102c00176f5b6d14a85186df988c (patch) | |
| tree | 67390a89961b24efe22e75ca000cc2b44060903c | |
| parent | e6b570b67bbfe60c9458e67bbbdeadd07e7ab96d (diff) | |
| download | krb5-f584944fe770102c00176f5b6d14a85186df988c.tar.gz krb5-f584944fe770102c00176f5b6d14a85186df988c.tar.xz krb5-f584944fe770102c00176f5b6d14a85186df988c.zip | |
- drop patch to suppress key expiration warnings sent from the KDC in the
last-req field, as the KDC is expected to just be configured to either
send them or not as a particular key approaches expiration (#556495)
| -rw-r--r-- | krb5-1.7-exp_warn.patch | 20 | ||||
| -rw-r--r-- | krb5.spec | 7 |
2 files changed, 5 insertions, 22 deletions
diff --git a/krb5-1.7-exp_warn.patch b/krb5-1.7-exp_warn.patch deleted file mode 100644 index b079916..0000000 --- a/krb5-1.7-exp_warn.patch +++ /dev/null @@ -1,20 +0,0 @@ -Don't warn of expiration reported the new way if it's more than a week from -now, for consistency with the code that handles expiration times reported the -old way. RT#6682 Discussion in RT leans toward following the code intent -of depending on the to KDC simply not include the new-style information if -it's above a configured threshold, thus leaving the timing of warnings to the -KDC administrator. - -diff -up krb5-1.7/src/lib/krb5/krb/gic_pwd.c krb5-1.7/src/lib/krb5/krb/gic_pwd.c ---- krb5-1.7/src/lib/krb5/krb/gic_pwd.c 2010-01-18 11:12:02.000000000 -0500 -+++ krb5-1.7/src/lib/krb5/krb/gic_pwd.c 2010-01-18 11:11:50.000000000 -0500 -@@ -389,7 +389,8 @@ cleanup: - delta / 86400, ts); - /* ignore an error here */ - /* PROMPTER_INVOCATION */ -- (*prompter)(context, data, 0, banner, 0, 0); -+ if (delta < 86400 * 7) -+ (*prompter)(context, data, 0, banner, 0, 0); - } - } - } @@ -83,7 +83,6 @@ Patch89: krb5-1.7-largefile.patch Patch90: krb5-1.7-openssl-1.0.patch Patch93: krb5-1.7-create_on_load.patch Patch95: krb5-1.7-opte.patch -Patch96: krb5-1.7-exp_warn.patch Patch97: http://web.mit.edu/kerberos/advisories/2010-001-patch.txt Patch98: krb5-1.7.1-kpasswd_ccache.patch Patch99: krb5-1.7.1-kpasswd_ipv6.patch @@ -226,6 +225,11 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Thu Apr 8 2010 Nalin Dahyabhai <nalin@redhat.com> +- drop patch to suppress key expiration warnings sent from the KDC in + the last-req field, as the KDC is expected to just be configured to either + send them or not as a particular key approaches expiration (#556495) + * Tue Mar 23 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7.1-7 - add fix for denial-of-service in SPNEGO (CVE-2010-0628, #576325) @@ -1609,7 +1613,6 @@ popd %patch90 -p0 -b .openssl-1.0 %patch93 -p1 -b .create_on_load %patch95 -p1 -b .opte -%patch96 -p1 -b .exp_warn %patch97 -p1 -b .2010-001 %patch98 -p1 -b .kpasswd-ccache %patch99 -p0 -b .kpasswd-ipv6 |