# # ChangeLog for trunk/server # # Generated by Trac 1.0.2 # Oct 24, 2025, 4:52:49 PM Fri, 16 Jul 2010 06:43:10 GMT geofft [1587] * trunk/server/common/patches/ghostscript-CVE-2010-1628.patch (added) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/ghostscript.spec.patch (added) Patch Ghostscript overflow error, see GS bug #691295 (CVE-2010-1628) Wed, 14 Jul 2010 04:57:57 GMT geofft [1586] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/libpng.spec.patch (added) Update to libpng 1.2.44 (CVE-2010-1205) (CVE-2010-2249) Mon, 05 Jul 2010 18:52:23 GMT geofft [1584] * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) d_zroot: Also punt the logic for counting failed root logins This ... Mon, 05 Jul 2010 14:35:05 GMT geofft [1583] * trunk/server/fedora/config/etc/syslog-ng/d_zroot.pl (modified) Fix r1330 and reapply it. Sat, 03 Jul 2010 18:10:01 GMT geofft [1582] * trunk/server/fedora/config/etc/aliases (modified) * trunk/server/fedora/config/etc/postfix/blocked_users (modified) Remove e-mail blocks (timeout!) Tue, 29 Jun 2010 23:31:07 GMT geofft [1581] * trunk/server/fedora/config/etc/named.conf (modified) Comment out DNSSEC because upstream's package is borked See ... Tue, 29 Jun 2010 23:29:35 GMT geofft [1580] * trunk/server/fedora/config/etc/named.conf (added) check in upstream named.conf Thu, 24 Jun 2010 05:21:33 GMT mitchb [1579] * trunk/server/fedora/config/etc/nagios/check_ldap_mmr.real (modified) Augment LDAP-MMR NRPE plugin to check for replication conflicts ... Thu, 24 Jun 2010 02:42:46 GMT geofft [1578] * trunk/server/fedora/config/etc/pki/tls/certs/scripts-cert.pem (modified) New certificate for scripts-cert Tue, 22 Jun 2010 07:49:05 GMT mitchb [1577] * trunk/server/fedora/config/etc/pki/tls/certs/tours.pem (modified) Renewed certificate for tours.mit.edu Mon, 07 Jun 2010 13:32:28 GMT geofft [1575] * trunk/server/fedora/config/etc/postfix/blocked_users (modified) Also disable outgoing mail, not just incoming bounces Mon, 07 Jun 2010 10:45:39 GMT adehnert [1574] * trunk/server/fedora/config/etc/aliases (modified) Disable problematic user Sun, 06 Jun 2010 08:48:12 GMT adehnert [1573] * trunk/server/fedora/config/etc/cron.d/scripts-ldap-cert-check (added) Add cron job to check the cert Thu, 27 May 2010 09:08:19 GMT geofft [1565] * trunk/server/common/oursrc/accountadm/mbashrc (modified) mbashrc: Replace su/sudo with shell functions giving nice errors ... Thu, 20 May 2010 15:31:10 GMT adehnert [1562] * trunk/server/fedora/specs/krb5.spec.patch (modified) Update krb5.spec patch for new upstream version Wed, 19 May 2010 07:02:32 GMT adehnert [1561] * trunk/server/common/patches/texlive-CVE-2010-1440.patch (deleted) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/texlive.spec.patch (deleted) Revert "Patch for CVE-2010-1440 (and CVE-2010-0739)" This reverts ... Wed, 19 May 2010 07:02:29 GMT adehnert [1560] * trunk/server/common/patches/dvipng-CVE-2010-0829.patch (deleted) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/dvipng.spec.patch (deleted) Revert "Patch for CVE-2010-0829... SSDP: Same Thing, Different ... Fri, 07 May 2010 07:48:20 GMT mitchb [1559] * trunk/server/common/patches/dvipng-CVE-2010-0829.patch (added) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/dvipng.spec.patch (added) Patch for CVE-2010-0829... SSDP: Same Thing, Different Package Fri, 07 May 2010 05:48:18 GMT adehnert [1558] * trunk/server/doc/package-build-howto (modified) Clarify/expand the package build instructions Fri, 07 May 2010 05:44:58 GMT adehnert [1557] * trunk/server/common/patches/texlive-CVE-2010-1440.patch (added) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/texlive.spec.patch (added) Patch for CVE-2010-1440 (and CVE-2010-0739) Both are crashes or ... Wed, 05 May 2010 05:06:27 GMT mitchb [1555] * trunk/server/common/patches/openafs-release-glock.patch (added) * trunk/server/fedora/specs/openafs.spec.patch (modified) There can be only one! (so stop hogging the GLOCK) OpenAFS 1.4.12 ... Mon, 03 May 2010 05:24:10 GMT andersk [1554] * trunk/server/fedora/specs/nss_nonlocal.spec (modified) nss_nonlocal.spec: License is LGPLv2+. Mon, 03 May 2010 05:20:42 GMT andersk [1553] * trunk/server/common/oursrc/nss_nonlocal/COPYING.LESSER (added) * trunk/server/common/oursrc/nss_nonlocal/README (modified) * trunk/server/common/oursrc/nss_nonlocal/configure.ac (modified) * trunk/server/common/oursrc/nss_nonlocal/nonlocal-group.c (modified) * trunk/server/common/oursrc/nss_nonlocal/nonlocal-passwd.c (modified) * trunk/server/common/oursrc/nss_nonlocal/nonlocal-shadow.c (modified) * trunk/server/fedora/specs/nss_nonlocal.spec (modified) Update nss_nonlocal to 1.11. Thu, 29 Apr 2010 23:55:20 GMT adehnert [1552] * trunk/server/fedora/config/etc/httpd/vhosts.d/finboard.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/finboard.pem (added) Add certificate for Finboard Sun, 25 Apr 2010 10:33:53 GMT mitchb [1545] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/openafs.spec.patch (modified) Revert r1510. Back out to OpenAFS 1.4.11. 1.4.12 may not have been ... Sat, 24 Apr 2010 03:14:20 GMT geofft [1544] * trunk/server/doc/install-howto.sh (modified) Revert "install-howto.sh: Unpushed commit from February 8" As Mitch ... Tue, 20 Apr 2010 07:13:32 GMT geofft [1543] * trunk/server/fedora/config/etc/aliases (modified) aliases: Update root@scripts.mit.edu list to current maintainers Tue, 20 Apr 2010 06:42:22 GMT geofft [1542] * trunk/server/doc/install-howto.sh (modified) install-howto.sh: Unpushed commit from February 8 Apparently I was ... Tue, 20 Apr 2010 04:20:49 GMT mitchb [1541] * trunk/server/fedora/config/etc/httpd/vhosts.d/asa.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/asa.pem (added) SSL certificate and config for asa.mit.edu Fri, 16 Apr 2010 09:40:31 GMT mitchb [1540] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) Two's company and three's a crowd, but have an orgy if you must ... Fri, 16 Apr 2010 09:21:37 GMT mitchb [1539] * trunk/server/common/patches/httpd-2.2.x-CVE-2010-0434.patch (deleted) * trunk/server/common/patches/httpd-2.2.x-mod_ssl-sessioncaching.patch (modified) * trunk/server/fedora/specs/httpd.spec.patch (modified) Upgrade to Apache 2.2.15 Also drop the CVE-2010-0434 patch which is ... Sun, 11 Apr 2010 13:49:07 GMT mitchb [1538] * trunk/server/fedora/config/etc/pki/tls/certs/bc.pem (modified) Renewed certificate for bc.mit.edu Sun, 11 Apr 2010 10:38:29 GMT mitchb [1537] * trunk/server/fedora/specs/krb5.spec.patch (modified) Upstream krb5 update Sun, 11 Apr 2010 01:16:22 GMT ezyang [1536] * trunk/server/fedora/config/etc/httpd/vhosts.d/quickprint.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/quickprint.pem (added) Certificate and Apache config for quickprint. Thu, 08 Apr 2010 07:41:09 GMT mitchb [1535] * trunk/server/fedora/specs/moira.spec (modified) Update moira snapshot Wed, 31 Mar 2010 23:26:32 GMT quentin [1532] * trunk/server/doc/HOWTO-SETUP-LDAP (modified) Add an index on scriptsVhostAccount, so that Pony's query will be happy Tue, 30 Mar 2010 07:09:00 GMT mitchb [1531] * trunk/server/fedora/specs/openssh.spec.patch (modified) Upstream openssh release bump Mon, 29 Mar 2010 03:29:00 GMT mitchb [1529] * trunk/server/fedora/config/etc/pki/tls/certs/tibetforum.pem (modified) New certificate for tibetforum.mit.edu Fri, 26 Mar 2010 10:46:21 GMT mitchb [1522] * trunk/server/fedora/Makefile (modified) Make it possible to build packages that haven't been committed yet Fri, 26 Mar 2010 08:02:21 GMT mitchb [1519] * trunk/server/fedora/specs/krb5.spec.patch (modified) Upstream update of krb5 packages Thu, 18 Mar 2010 05:18:34 GMT mitchb [1510] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/openafs.spec.patch (modified) It's a new thing! It's a nice thing! It's... Supe^WOpenAFS 1.4.12! Fri, 12 Mar 2010 09:13:12 GMT andersk [1509] * trunk/server/common/patches/openafs-scripts.patch (modified) Return real error codes from unauthorized PGetTokens, PSetTokens, ... Fri, 12 Mar 2010 07:13:48 GMT mitchb [1508] * trunk/server/fedora/specs/nss_nonlocal.spec (modified) Don't remove groups on uninstallation of nss_nonlocal Fri, 12 Mar 2010 06:18:34 GMT mitchb [1507] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/scripts-base.spec (modified) * trunk/server/fedora/specs/shadow-utils.spec.patch (added) Temporarily scriptsify shadow-utils to fix max length of group names ... Fri, 12 Mar 2010 04:23:35 GMT mitchb [1506] * trunk/server/fedora/config/usr/vice/etc/CellServDB.local (modified) New CellServDB from grand.central.org, via Ops Thu, 11 Mar 2010 11:29:29 GMT mitchb [1505] * trunk/server/common/patches/httpd-2.2.x-CVE-2010-0434.patch (added) * trunk/server/fedora/specs/httpd.spec.patch (modified) CVE-2010-0434: Putting the "Patch" in "Apache" since... well, 2010 Fri, 05 Mar 2010 05:05:16 GMT mitchb [1503] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/scripts-wizard.spec (added) New scripts-wizard package This package presently provides a ... Fri, 05 Mar 2010 03:58:51 GMT mitchb [1502] * trunk/server/common/oursrc/scripts-wizard (added) Directory for scripts-wizard package Yes, it's empty. Yes, it's ... Thu, 04 Mar 2010 18:39:25 GMT mitchb [1501] * trunk/server/fedora/config/usr/vice/etc/CellServDB.local (modified) We won't always have paris (CellServDB update, take 2) Wed, 03 Mar 2010 18:10:32 GMT mitchb [1500] * trunk/server/fedora/config/usr/vice/etc/CellServDB.local (modified) Updated CellServDB from Ops Sun, 28 Feb 2010 11:09:13 GMT mitchb [1499] * trunk/server/fedora/specs/httpd.spec.patch (modified) Upgrade Apache from 2.2.13-1 to 2.2.14-1 Sun, 28 Feb 2010 10:22:49 GMT mitchb [1498] * trunk/server/fedora/Makefile (modified) Make sure that SRPMs for upstream packages actually come from ... Thu, 25 Feb 2010 23:33:53 GMT mitchb [1491] * trunk/server/fedora/specs/moira.spec (modified) Make it possible for Accounts to create users on scripts (new moira, ... Thu, 25 Feb 2010 08:10:38 GMT mitchb [1490] * trunk/server/common/patches/moira-install-headers.patch (deleted) * trunk/server/fedora/specs/moira.spec (modified) New moira packages Wed, 24 Feb 2010 04:44:33 GMT mitchb [1489] * trunk/server/doc/adding-static-exts (modified) Fix directions for adding static extensions ========= Instance: ... Wed, 24 Feb 2010 04:00:08 GMT mitchb [1487] * trunk/server/fedora/config/etc/pki/tls/certs/schuh.pem (modified) Renewed certificate for schuh.mit.edu Mon, 22 Feb 2010 08:09:49 GMT geofft [1483] * trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf (modified) __scripts/needcerts: Add support for working around Safari Safari ... Sat, 20 Feb 2010 23:18:36 GMT ezyang [1482] * trunk/server/doc/install-howto.sh (modified) * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) * trunk/server/fedora/specs/httpd.spec.patch (modified) Take upstream changes to use alternative runtime directory for fcgi; ... Sat, 20 Feb 2010 21:25:07 GMT ezyang [1481] * trunk/server/doc/install-howto.sh (modified) * trunk/server/fedora/specs/httpd.spec.patch (modified) Don't chmod /var/run/httpd 0700, since that breaks fcgid. Fri, 19 Feb 2010 21:18:13 GMT ezyang [1474] * trunk/server/common/patches/httpd-suexec-scripts.patch (modified) Specify uid 102 is signup, and remove dead SELinux code. Fri, 19 Feb 2010 08:44:47 GMT mitchb [1473] * trunk/server/doc/HOWTO-SETUP-LDAP (modified) LDAP, now with 200% more indexed queries! Previously, only about ... Fri, 19 Feb 2010 06:11:57 GMT quentin [1472] * trunk/server/fedora/config/etc/cron.d/quickprint (modified) Use the right script... Wed, 17 Feb 2010 16:44:13 GMT gdb [1468] * trunk/server/common/oursrc/hacron/hacron (modified) Fixed the exception type problem in this code; fixed up remove- servers. Sat, 13 Feb 2010 22:36:36 GMT gdb [1467] * trunk/server/common/oursrc/hacron/hacron (modified) Minor hacron fixes Sat, 13 Feb 2010 22:21:34 GMT gdb [1466] * trunk/server/common/oursrc/hacron/hacron (modified) Another pass over hacron Sat, 13 Feb 2010 05:55:58 GMT quentin [1465] * trunk/server/fedora/config/etc/cron.d/quickprint (added) QuickPrint cronjob (so it runs on every host) Fri, 12 Feb 2010 08:52:35 GMT mitchb [1464] * trunk/server/common/oursrc/execsys/mime.types (modified) * trunk/server/common/oursrc/execsys/static-cat.c.pre (modified) * trunk/server/common/oursrc/execsys/upd-execsys (modified) * trunk/server/common/patches/httpd-suexec-scripts.patch (modified) What's that? I can't hear you over the static! o Make Apache, ... Fri, 12 Feb 2010 07:47:59 GMT andersk [1463] * trunk/server/common/oursrc/httpdmods/mod_vhost_ldap.c (modified) mod_vhost_ldap: Copy the server_rec instead of corrupting it in place. Mon, 08 Feb 2010 08:06:20 GMT geofft [1462] * trunk/server/doc/install-howto.sh (modified) install-howto.sh: IBTSOCS Mon, 08 Feb 2010 07:25:38 GMT geofft [1461] * trunk/server/doc/install-howto.sh (modified) surprise I'm installing GDChart Sat, 06 Feb 2010 09:50:23 GMT mitchb [1460] * trunk/server/fedora/config/etc/httpd/vhosts.d/isawyou.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/isawyou.pem (added) Certificate and Apache config for isawyou.mit.edu Sat, 06 Feb 2010 09:43:58 GMT mitchb [1459] * trunk/server/fedora/Makefile (modified) Backport cluster-glue, heartbeat, and pacemaker from F12 We want to ... Sat, 06 Feb 2010 09:39:19 GMT mitchb [1458] * trunk/server/fedora/config/etc/mock/scripts-fc11-i386.cfg (modified) * trunk/server/fedora/config/etc/mock/scripts-fc11-x86_64.cfg (modified) Allow "buildroot override" functionality in mock via a local repo ... Sat, 06 Feb 2010 04:35:19 GMT gdb [1457] * trunk/server/common/oursrc/hacron/hacron (modified) Now with lock timeouts Sat, 06 Feb 2010 04:30:11 GMT gdb [1456] * trunk/server/common/oursrc/hacron (added) * trunk/server/common/oursrc/hacron/hacron (added) Added hacron script Fri, 05 Feb 2010 13:57:42 GMT mitchb [1455] * trunk/server/fedora/config/etc/httpd/vhosts.d/classmates.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/classmates.pem (added) Certificate and Apache config for classmates.mit.edu Tue, 02 Feb 2010 07:11:24 GMT mitchb [1454] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) Enable mod_deflate In these harsh economic times, scripts should ... Mon, 01 Feb 2010 07:45:54 GMT mitchb [1453] * trunk/server/common/patches/gzip-cve-2009-2624.patch (deleted) * trunk/server/common/patches/gzip-cve-2010-0001.patch (deleted) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/gzip.spec.patch (deleted) Stop scriptsifying gzip Fedora has released a package with the ... Sun, 31 Jan 2010 00:30:45 GMT mitchb [1452] * trunk/server/fedora/config/etc/postfix/virtual_re (modified) Speed up postfix acceptance of mail to foo@scripts.mit.edu Postfix ... Sun, 31 Jan 2010 00:14:01 GMT quentin [1451] * trunk/server/doc/install-howto.sh (modified) Add Munin configuration to the install instructions Fri, 29 Jan 2010 18:10:42 GMT mitchb [1450] * trunk/server/doc/install-howto.sh (modified) More LDAP customizations needed on test servers Fri, 29 Jan 2010 17:51:20 GMT mitchb [1449] * trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) Handle vhosts that have multiple defined aliases Fri, 29 Jan 2010 17:26:57 GMT mitchb [1448] * trunk/server/fedora/config/etc/pki/tls/certs/eastgate.pem (modified) Renewed certificate for eastgate.mit.edu Wed, 27 Jan 2010 00:13:55 GMT quentin [1447] * trunk/server/fedora/config/etc/httpd/vhosts.d/finance.blue-sun-corp.com.conf (added) * trunk/server/fedora/config/etc/httpd/vhosts.d/music.blue-sun-corp.com.conf (added) * trunk/server/fedora/config/etc/httpd/vhosts.d/trac.blue-sun-corp.com.conf (added) Reify *.blue-sun-corp.com Wed, 27 Jan 2010 00:13:42 GMT quentin [1446] * trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) Missed a ServerAlias Wed, 27 Jan 2010 00:04:42 GMT quentin [1445] * trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) Handle vhosts that don't have any defined aliases Tue, 26 Jan 2010 23:57:27 GMT quentin [1444] * trunk/server/fedora/config/etc/pki/tls/certs/blue-sun-corp.com.pem (added) Add *.blue-sun-corp.com cert Tue, 26 Jan 2010 15:48:01 GMT mitchb [1443] * trunk/server/fedora/config/etc/postfix/main.cf (modified) * trunk/server/fedora/config/etc/postfix/virtual-alias-domains-ldap.cf (added) * trunk/server/fedora/config/etc/postfix/virtual-alias-maps-ldap.cf (added) I Bemoan The State Of Postfix (LDAP and mail hosting for all our vhosts) Sat, 23 Jan 2010 23:27:05 GMT geofft [1437] * trunk/server/fedora/config/etc/aliases (modified) I don't want mail to info@, marketing@, sales@, or support@scripts Sat, 23 Jan 2010 12:06:54 GMT mitchb [1436] * trunk/server/fedora/config/etc/sysconfig/iptables (modified) Stop using deprecated intraposed format for iptables rules I've seen ... Sat, 23 Jan 2010 09:01:54 GMT mitchb [1435] * trunk/server/fedora/config/etc/postfix/blocked_users (modified) Unblock outbound mail from cycling-club [Redacted] Thu, 21 Jan 2010 14:19:20 GMT mitchb [1434] * trunk/server/fedora/config/etc/pki/tls/certs/picker.pem (modified) Renewed certificate for picker.mit.edu Thu, 21 Jan 2010 13:04:20 GMT mitchb [1433] * trunk/server/common/patches/gzip-cve-2009-2624.patch (added) * trunk/server/common/patches/gzip-cve-2010-0001.patch (added) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/gzip.spec.patch (added) Scriptsify gzip to patch for CVE-2009-2624 and CVE-2010-0001 Wed, 20 Jan 2010 21:57:19 GMT xavid [1432] * trunk/server/doc/install-howto.sh (modified) Add information about the -Z flag to easy_install. Thu, 14 Jan 2010 10:36:48 GMT mitchb [1425] * trunk/server/fedora/config/usr/vice/etc/ThisCell (added) * trunk/server/fedora/config/usr/vice/etc/cacheinfo (added) AFS, you've stepped on these files for the last time cacheinfo - ... Thu, 14 Jan 2010 08:27:36 GMT mitchb [1424] * trunk/server/fedora/config/etc/yum.repos.d/scripts.repo (modified) yum config for scripts testing repo If we're going to do exciting ... Wed, 13 Jan 2010 14:20:09 GMT mitchb [1423] * trunk/server/fedora/specs/krb5.spec.patch (modified) Update krb5 to patch for MITKRB5-SA-2009-004/CVE-2009-4212 This is ... Sat, 09 Jan 2010 21:30:26 GMT geofft [1412] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) httpd.conf: Permit index.fcgi as an index This ought to fix the ... Thu, 07 Jan 2010 23:43:19 GMT mitchb [1409] * trunk/server/fedora/config/etc/pki/tls/certs/debathena.pem (modified) Renewed debathena.mit.edu cert Wed, 06 Jan 2010 05:47:05 GMT mitchb [1406] * trunk/server/common/patches/moira-fix-manpage-paths.patch (added) * trunk/server/common/patches/moira-install-headers.patch (modified) * trunk/server/fedora/specs/moira.spec (modified) Play Evan on TV (update moira to new snapshot, provide shared ...