# # ChangeLog for trunk/server # # Generated by Trac 1.0.2 # Oct 26, 2025, 10:42:16 AM Fri, 12 Mar 2010 09:13:12 GMT andersk [1509] * trunk/server/common/patches/openafs-scripts.patch (modified) Return real error codes from unauthorized PGetTokens, PSetTokens, ... Fri, 12 Mar 2010 07:13:48 GMT mitchb [1508] * trunk/server/fedora/specs/nss_nonlocal.spec (modified) Don't remove groups on uninstallation of nss_nonlocal Fri, 12 Mar 2010 06:18:34 GMT mitchb [1507] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/scripts-base.spec (modified) * trunk/server/fedora/specs/shadow-utils.spec.patch (added) Temporarily scriptsify shadow-utils to fix max length of group names ... Fri, 12 Mar 2010 04:23:35 GMT mitchb [1506] * trunk/server/fedora/config/usr/vice/etc/CellServDB.local (modified) New CellServDB from grand.central.org, via Ops Thu, 11 Mar 2010 11:29:29 GMT mitchb [1505] * trunk/server/common/patches/httpd-2.2.x-CVE-2010-0434.patch (added) * trunk/server/fedora/specs/httpd.spec.patch (modified) CVE-2010-0434: Putting the "Patch" in "Apache" since... well, 2010 Fri, 05 Mar 2010 05:05:16 GMT mitchb [1503] * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/scripts-wizard.spec (added) New scripts-wizard package This package presently provides a ... Fri, 05 Mar 2010 03:58:51 GMT mitchb [1502] * trunk/server/common/oursrc/scripts-wizard (added) Directory for scripts-wizard package Yes, it's empty. Yes, it's ... Thu, 04 Mar 2010 18:39:25 GMT mitchb [1501] * trunk/server/fedora/config/usr/vice/etc/CellServDB.local (modified) We won't always have paris (CellServDB update, take 2) Wed, 03 Mar 2010 18:10:32 GMT mitchb [1500] * trunk/server/fedora/config/usr/vice/etc/CellServDB.local (modified) Updated CellServDB from Ops Sun, 28 Feb 2010 11:09:13 GMT mitchb [1499] * trunk/server/fedora/specs/httpd.spec.patch (modified) Upgrade Apache from 2.2.13-1 to 2.2.14-1 Sun, 28 Feb 2010 10:22:49 GMT mitchb [1498] * trunk/server/fedora/Makefile (modified) Make sure that SRPMs for upstream packages actually come from ... Thu, 25 Feb 2010 23:33:53 GMT mitchb [1491] * trunk/server/fedora/specs/moira.spec (modified) Make it possible for Accounts to create users on scripts (new moira, ... Thu, 25 Feb 2010 08:10:38 GMT mitchb [1490] * trunk/server/common/patches/moira-install-headers.patch (deleted) * trunk/server/fedora/specs/moira.spec (modified) New moira packages Wed, 24 Feb 2010 04:44:33 GMT mitchb [1489] * trunk/server/doc/adding-static-exts (modified) Fix directions for adding static extensions ========= Instance: ... Wed, 24 Feb 2010 04:00:08 GMT mitchb [1487] * trunk/server/fedora/config/etc/pki/tls/certs/schuh.pem (modified) Renewed certificate for schuh.mit.edu Mon, 22 Feb 2010 08:09:49 GMT geofft [1483] * trunk/server/fedora/config/etc/httpd/conf.d/scripts-special.conf (modified) __scripts/needcerts: Add support for working around Safari Safari ... Sat, 20 Feb 2010 23:18:36 GMT ezyang [1482] * trunk/server/doc/install-howto.sh (modified) * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) * trunk/server/fedora/specs/httpd.spec.patch (modified) Take upstream changes to use alternative runtime directory for fcgi; ... Sat, 20 Feb 2010 21:25:07 GMT ezyang [1481] * trunk/server/doc/install-howto.sh (modified) * trunk/server/fedora/specs/httpd.spec.patch (modified) Don't chmod /var/run/httpd 0700, since that breaks fcgid. Fri, 19 Feb 2010 21:18:13 GMT ezyang [1474] * trunk/server/common/patches/httpd-suexec-scripts.patch (modified) Specify uid 102 is signup, and remove dead SELinux code. Fri, 19 Feb 2010 08:44:47 GMT mitchb [1473] * trunk/server/doc/HOWTO-SETUP-LDAP (modified) LDAP, now with 200% more indexed queries! Previously, only about ... Fri, 19 Feb 2010 06:11:57 GMT quentin [1472] * trunk/server/fedora/config/etc/cron.d/quickprint (modified) Use the right script... Wed, 17 Feb 2010 16:44:13 GMT gdb [1468] * trunk/server/common/oursrc/hacron/hacron (modified) Fixed the exception type problem in this code; fixed up remove- servers. Sat, 13 Feb 2010 22:36:36 GMT gdb [1467] * trunk/server/common/oursrc/hacron/hacron (modified) Minor hacron fixes Sat, 13 Feb 2010 22:21:34 GMT gdb [1466] * trunk/server/common/oursrc/hacron/hacron (modified) Another pass over hacron Sat, 13 Feb 2010 05:55:58 GMT quentin [1465] * trunk/server/fedora/config/etc/cron.d/quickprint (added) QuickPrint cronjob (so it runs on every host) Fri, 12 Feb 2010 08:52:35 GMT mitchb [1464] * trunk/server/common/oursrc/execsys/mime.types (modified) * trunk/server/common/oursrc/execsys/static-cat.c.pre (modified) * trunk/server/common/oursrc/execsys/upd-execsys (modified) * trunk/server/common/patches/httpd-suexec-scripts.patch (modified) What's that? I can't hear you over the static! o Make Apache, ... Fri, 12 Feb 2010 07:47:59 GMT andersk [1463] * trunk/server/common/oursrc/httpdmods/mod_vhost_ldap.c (modified) mod_vhost_ldap: Copy the server_rec instead of corrupting it in place. Mon, 08 Feb 2010 08:06:20 GMT geofft [1462] * trunk/server/doc/install-howto.sh (modified) install-howto.sh: IBTSOCS Mon, 08 Feb 2010 07:25:38 GMT geofft [1461] * trunk/server/doc/install-howto.sh (modified) surprise I'm installing GDChart Sat, 06 Feb 2010 09:50:23 GMT mitchb [1460] * trunk/server/fedora/config/etc/httpd/vhosts.d/isawyou.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/isawyou.pem (added) Certificate and Apache config for isawyou.mit.edu Sat, 06 Feb 2010 09:43:58 GMT mitchb [1459] * trunk/server/fedora/Makefile (modified) Backport cluster-glue, heartbeat, and pacemaker from F12 We want to ... Sat, 06 Feb 2010 09:39:19 GMT mitchb [1458] * trunk/server/fedora/config/etc/mock/scripts-fc11-i386.cfg (modified) * trunk/server/fedora/config/etc/mock/scripts-fc11-x86_64.cfg (modified) Allow "buildroot override" functionality in mock via a local repo ... Sat, 06 Feb 2010 04:35:19 GMT gdb [1457] * trunk/server/common/oursrc/hacron/hacron (modified) Now with lock timeouts Sat, 06 Feb 2010 04:30:11 GMT gdb [1456] * trunk/server/common/oursrc/hacron (added) * trunk/server/common/oursrc/hacron/hacron (added) Added hacron script Fri, 05 Feb 2010 13:57:42 GMT mitchb [1455] * trunk/server/fedora/config/etc/httpd/vhosts.d/classmates.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/classmates.pem (added) Certificate and Apache config for classmates.mit.edu Tue, 02 Feb 2010 07:11:24 GMT mitchb [1454] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) Enable mod_deflate In these harsh economic times, scripts should ... Mon, 01 Feb 2010 07:45:54 GMT mitchb [1453] * trunk/server/common/patches/gzip-cve-2009-2624.patch (deleted) * trunk/server/common/patches/gzip-cve-2010-0001.patch (deleted) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/gzip.spec.patch (deleted) Stop scriptsifying gzip Fedora has released a package with the ... Sun, 31 Jan 2010 00:30:45 GMT mitchb [1452] * trunk/server/fedora/config/etc/postfix/virtual_re (modified) Speed up postfix acceptance of mail to foo@scripts.mit.edu Postfix ... Sun, 31 Jan 2010 00:14:01 GMT quentin [1451] * trunk/server/doc/install-howto.sh (modified) Add Munin configuration to the install instructions Fri, 29 Jan 2010 18:10:42 GMT mitchb [1450] * trunk/server/doc/install-howto.sh (modified) More LDAP customizations needed on test servers Fri, 29 Jan 2010 17:51:20 GMT mitchb [1449] * trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) Handle vhosts that have multiple defined aliases Fri, 29 Jan 2010 17:26:57 GMT mitchb [1448] * trunk/server/fedora/config/etc/pki/tls/certs/eastgate.pem (modified) Renewed certificate for eastgate.mit.edu Wed, 27 Jan 2010 00:13:55 GMT quentin [1447] * trunk/server/fedora/config/etc/httpd/vhosts.d/finance.blue-sun-corp.com.conf (added) * trunk/server/fedora/config/etc/httpd/vhosts.d/music.blue-sun-corp.com.conf (added) * trunk/server/fedora/config/etc/httpd/vhosts.d/trac.blue-sun-corp.com.conf (added) Reify *.blue-sun-corp.com Wed, 27 Jan 2010 00:13:42 GMT quentin [1446] * trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) Missed a ServerAlias Wed, 27 Jan 2010 00:04:42 GMT quentin [1445] * trunk/server/fedora/config/etc/httpd/vhosts.d/reify-vhost.py (modified) Handle vhosts that don't have any defined aliases Tue, 26 Jan 2010 23:57:27 GMT quentin [1444] * trunk/server/fedora/config/etc/pki/tls/certs/blue-sun-corp.com.pem (added) Add *.blue-sun-corp.com cert Tue, 26 Jan 2010 15:48:01 GMT mitchb [1443] * trunk/server/fedora/config/etc/postfix/main.cf (modified) * trunk/server/fedora/config/etc/postfix/virtual-alias-domains-ldap.cf (added) * trunk/server/fedora/config/etc/postfix/virtual-alias-maps-ldap.cf (added) I Bemoan The State Of Postfix (LDAP and mail hosting for all our vhosts) Sat, 23 Jan 2010 23:27:05 GMT geofft [1437] * trunk/server/fedora/config/etc/aliases (modified) I don't want mail to info@, marketing@, sales@, or support@scripts Sat, 23 Jan 2010 12:06:54 GMT mitchb [1436] * trunk/server/fedora/config/etc/sysconfig/iptables (modified) Stop using deprecated intraposed format for iptables rules I've seen ... Sat, 23 Jan 2010 09:01:54 GMT mitchb [1435] * trunk/server/fedora/config/etc/postfix/blocked_users (modified) Unblock outbound mail from cycling-club [Redacted] Thu, 21 Jan 2010 14:19:20 GMT mitchb [1434] * trunk/server/fedora/config/etc/pki/tls/certs/picker.pem (modified) Renewed certificate for picker.mit.edu Thu, 21 Jan 2010 13:04:20 GMT mitchb [1433] * trunk/server/common/patches/gzip-cve-2009-2624.patch (added) * trunk/server/common/patches/gzip-cve-2010-0001.patch (added) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/gzip.spec.patch (added) Scriptsify gzip to patch for CVE-2009-2624 and CVE-2010-0001 Wed, 20 Jan 2010 21:57:19 GMT xavid [1432] * trunk/server/doc/install-howto.sh (modified) Add information about the -Z flag to easy_install. Thu, 14 Jan 2010 10:36:48 GMT mitchb [1425] * trunk/server/fedora/config/usr/vice/etc/ThisCell (added) * trunk/server/fedora/config/usr/vice/etc/cacheinfo (added) AFS, you've stepped on these files for the last time cacheinfo - ... Thu, 14 Jan 2010 08:27:36 GMT mitchb [1424] * trunk/server/fedora/config/etc/yum.repos.d/scripts.repo (modified) yum config for scripts testing repo If we're going to do exciting ... Wed, 13 Jan 2010 14:20:09 GMT mitchb [1423] * trunk/server/fedora/specs/krb5.spec.patch (modified) Update krb5 to patch for MITKRB5-SA-2009-004/CVE-2009-4212 This is ... Sat, 09 Jan 2010 21:30:26 GMT geofft [1412] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) httpd.conf: Permit index.fcgi as an index This ought to fix the ... Thu, 07 Jan 2010 23:43:19 GMT mitchb [1409] * trunk/server/fedora/config/etc/pki/tls/certs/debathena.pem (modified) Renewed debathena.mit.edu cert Wed, 06 Jan 2010 05:47:05 GMT mitchb [1406] * trunk/server/common/patches/moira-fix-manpage-paths.patch (added) * trunk/server/common/patches/moira-install-headers.patch (modified) * trunk/server/fedora/specs/moira.spec (modified) Play Evan on TV (update moira to new snapshot, provide shared ... Wed, 30 Dec 2009 00:04:13 GMT geofft [1405] * trunk/server/fedora/config/etc/httpd/vhosts.d/impact.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/impact.pem (added) SSL cert and config for impact.mit.edu [help.mit.edu #1111633] Tue, 29 Dec 2009 00:54:23 GMT mitchb [1403] * trunk/server/fedora/specs/moira.spec (modified) Update moira to new upstream version, including eunice printer client Sun, 27 Dec 2009 22:27:45 GMT gdb [1402] * trunk/server/fedora/specs/moira.spec (modified) Removed mit-zephyr from the build deps Sun, 27 Dec 2009 09:54:37 GMT andersk [1399] * trunk/server/fedora/specs/moira.spec (modified) moira.spec: Remove redundant information from summaries and ... Sun, 27 Dec 2009 09:48:40 GMT gdb [1398] * trunk/server/fedora/specs/moira.spec (modified) Silly english Sun, 27 Dec 2009 09:42:01 GMT gdb [1397] * trunk/server/fedora/specs/moira.spec (modified) Fixed Requires for libmoira-devel, small style fixes in moira.spec Sun, 27 Dec 2009 09:01:12 GMT gdb [1396] * trunk/server/common/patches/moira-install-headers.patch (added) * trunk/server/common/patches/moira-update-server.rc.patch (added) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/moira.spec (modified) Built and mildly tested moira RPM Sun, 27 Dec 2009 07:55:15 GMT mitchb [1395] * trunk/server/common/patches/rc.nslcd.patch (deleted) Remove nslcd initscript patch I neglected to punt this in r1294 when ... Sun, 27 Dec 2009 01:00:53 GMT gdb [1394] * trunk/server/fedora/specs/moira.spec (added) Added mostly-working spec file for moira Fri, 25 Dec 2009 09:20:39 GMT mitchb [1393] * trunk/server/fedora/config/etc/mock/scripts-fc11-i386.cfg (modified) * trunk/server/fedora/config/etc/mock/scripts-fc11-x86_64.cfg (modified) Don't allow mock to use mirrors for package updates You know that ... Wed, 23 Dec 2009 19:57:55 GMT quentin [1391] * trunk/server/fedora/config/etc/logwatch/scripts/services/named (modified) Ignore DNSSEC errors Wed, 23 Dec 2009 19:55:49 GMT quentin [1390] * trunk/server/fedora/config/etc/logwatch (added) * trunk/server/fedora/config/etc/logwatch/scripts (added) * trunk/server/fedora/config/etc/logwatch/scripts/services (added) * trunk/server/fedora/config/etc/logwatch/scripts/services/named (added) Import upstream logwatch named script Sat, 19 Dec 2009 05:39:08 GMT ezyang [1383] * trunk/lvs/debian/config/etc/aliases (modified) * trunk/server/fedora/config/etc/aliases (modified) Add ezyang@mit.edu to receive root email. Sat, 19 Dec 2009 05:38:47 GMT ezyang [1382] * trunk/server/doc/install-howto.sh (modified) Miscellaneous extra instructions from f11-test. Thu, 17 Dec 2009 09:22:36 GMT ezyang [1381] * trunk/server/doc/install-howto.sh (modified) Misc doc updates from install f11-test. Thu, 17 Dec 2009 08:17:14 GMT mitchb [1380] * trunk/server/fedora/Makefile (modified) Don't allow Canada to make our servers uninstallable Someone thought ... Fri, 11 Dec 2009 14:27:20 GMT quentin [1379] * trunk/server/fedora/config/etc/sudoers (modified) Run ldap-backup as root so it can manipulate files owned by both ... Thu, 10 Dec 2009 08:34:28 GMT quentin [1378] * trunk/server/fedora/config/etc/sudoers (modified) Allow scripts to execute ldap-backup Wed, 09 Dec 2009 09:45:19 GMT quentin [1377] * trunk/server/fedora/specs/accountadm.spec (modified) Put ldap-backup in the RPM (why isn't this automatic?) Wed, 09 Dec 2009 09:42:28 GMT quentin [1376] * trunk/server/common/oursrc/accountadm/Makefile.in (modified) * trunk/server/common/oursrc/accountadm/ldap-backup (added) A (more) correct LDAP backup script Mon, 23 Nov 2009 08:13:05 GMT andersk [1362] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) * trunk/server/fedora/config/etc/php.d/_scripts.ini (modified) Undo the REDIRECT_STATUS kludge. httpd.conf has always contained ... Fri, 20 Nov 2009 08:00:21 GMT mitchb [1360] * trunk/server/common/patches/php-scripts-304.patch (deleted) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/php.spec.patch (deleted) * trunk/server/fedora/specs/scripts-base.spec (modified) Stop scriptsifying php; our patch for the-bug is r281116 in 5.2.11 ... Tue, 10 Nov 2009 05:45:43 GMT andersk [1358] * trunk/server/common/oursrc/execsys/Makefile.in (modified) * trunk/server/common/oursrc/execsys/upd-execsys (modified) execsys: Unbreak stuff broken by r1337. Tue, 10 Nov 2009 05:35:05 GMT andersk [1357] * trunk/server/common/oursrc/execsys/execsys-binfmt (modified) execsys: Disable binfmt_misc extensions. For Mono, use a magic ... Tue, 10 Nov 2009 04:14:34 GMT andersk [1356] * trunk/server/common/patches/httpd-suexec-cloexec.patch (added) * trunk/server/fedora/specs/httpd.spec.patch (modified) suexec: Fix error logging if execv failed. Patch from httpd trunk ... Tue, 10 Nov 2009 04:14:31 GMT andersk [1355] * trunk/server/common/patches/httpd-suexec-scripts.patch (modified) suexec: Exec static-cat or php-cgi after closing the suexec log. Tue, 10 Nov 2009 04:14:29 GMT andersk [1354] * trunk/server/common/patches/httpd-suexec-scripts.patch (modified) suexec: Log the correct path to PHP if execv failed. Signed-off-by: ... Mon, 09 Nov 2009 08:35:35 GMT mitchb [1353] * trunk/server/doc/package-build-howto (modified) Complete overhaul of package building/patching documentation Sun, 08 Nov 2009 23:09:04 GMT geofft [1352] * trunk/server/fedora/config/etc/pki/tls/certs/barnowl.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/cdsa.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/sipb.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/twentytwelve.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/ua.pem (modified) * trunk/server/fedora/config/etc/pki/tls/certs/whatsnext.pem (modified) SSL certificate renewals Sun, 08 Nov 2009 20:59:20 GMT geofft [1351] * trunk/server/fedora/config/etc/httpd/vhosts.d/textbooks.conf (deleted) * trunk/server/fedora/config/etc/pki/tls/certs/textbooks.pem (deleted) Punt textbooks.mit.edu's config because it is no longer on scripts Sun, 08 Nov 2009 20:40:50 GMT geofft [1350] * trunk/server/fedora/config/etc/pki/tls/openssl.cnf (modified) Use a more accurate OU in certificates Sun, 08 Nov 2009 17:16:51 GMT geofft [1349] * trunk/server/doc/package-build-howto (modified) Fix documentation Sun, 08 Nov 2009 16:02:18 GMT mitchb [1348] * trunk/server/common/patches/httpd-2.2.x-mod_ssl-sessioncaching.patch (added) * trunk/server/fedora/specs/httpd.spec.patch (modified) Prompt for certs once, not five bajillion times (fix SSL session ... Sun, 08 Nov 2009 10:23:09 GMT geofft [1347] * trunk/server/common/oursrc/accountadm/admof.c (modified) admof: Add a -noauth flag. Sat, 24 Oct 2009 16:45:00 GMT mitchb [1342] * trunk/server/fedora/config/etc/nagios/check_ldap_mmr.real (modified) Improvements to check_ldap_mmr plugin o Don't put a newline after ... Mon, 19 Oct 2009 23:52:17 GMT ezyang [1341] * trunk/server/fedora/config/etc/httpd/conf/httpd.conf (modified) Disable vhost logging. Thu, 15 Oct 2009 04:58:56 GMT mitchb [1340] * trunk/server/common/patches/rubygem-actionpack-2.3.x-CVE-2009-3009.patch (deleted) * trunk/server/common/patches/rubygem-activesupport-2.3.x-CVE-2009-3009.patch (deleted) * trunk/server/fedora/Makefile (modified) * trunk/server/fedora/specs/rubygem-actionpack.spec.patch (deleted) * trunk/server/fedora/specs/rubygem-activesupport.spec.patch (deleted) Revert r1329 - stop scriptsifying activesupport and actionpack gems ... Wed, 14 Oct 2009 14:40:41 GMT mitchb [1339] * trunk/server/fedora/config/etc/yum.repos.d/fedora-updates.repo (modified) Revert r1328 - accept Rails-related updates from Fedora again Tue, 13 Oct 2009 05:19:11 GMT geofft [1338] * trunk/server/common/oursrc/execsys/execsys-binfmt (modified) execsys: Have binfmt_misc detect executable PHP scripts via magic, ... Tue, 13 Oct 2009 05:11:51 GMT geofft [1337] * trunk/server/common/oursrc/execsys/Makefile.in (modified) * trunk/server/common/oursrc/execsys/configure.in (modified) * trunk/server/common/oursrc/execsys/execsys-binfmt (moved) * trunk/server/common/oursrc/execsys/mrproper (modified) * trunk/server/common/oursrc/execsys/upd-execsys (modified) execsys: Stop automatically generating the binfmt_misc configuration. ... Mon, 05 Oct 2009 18:33:56 GMT geofft [1335] * trunk/server/fedora/config/etc/httpd/vhosts.d/signup.conf (added) * trunk/server/fedora/config/etc/pki/tls/certs/signup.pem (added) CSR and configuration for signup.mit.edu [help.mit.edu #1024298]