krb5/krb5.spec

724 lines
24 KiB
RPMSpec
Raw Normal View History

#
# spec file for package krb5 (Version 1.6)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: krb5
Version: 1.6
Release: 20
BuildRequires: bison libcom_err ncurses-devel
%if %{suse_version} > 1010
BuildRequires: keyutils keyutils-devel
%endif
%define srcRoot krb5-1.6
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/%{name}
Provides: heimdal-lib
Obsoletes: heimdal-lib
Summary: MIT Kerberos5 Implementation--Libraries
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
Source: krb5-1.6.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.4-compile_pie.dif
Patch3: krb5-1.4-fix-segfault.dif
Patch4: krb5-1.6-post.dif
Patch5: krb5-1.6-patchlevel.dif
Patch6: trunk-EncryptWithMasterKey.dif
Patch14: warning-fix-lib-crypto-des.dif
Patch15: warning-fix-lib-crypto-dk.dif
Patch16: warning-fix-lib-crypto.dif
Patch17: warning-fix-lib-crypto-enc_provider.dif
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
Patch20: kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
#Patch23: trunk-install-preauth-header.dif
Patch24: krb5-1.5.1-fix-strncat-warning.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package client
Summary: MIT Kerberos5 implementation - client programms
Group: Productivity/Networking/Security
Provides: heimdal-tools, heimdal-x11
Obsoletes: heimdal-tools, heimdal-x11
%description client
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package server
Summary: MIT Kerberos5 implementation - server
Group: Productivity/Networking/Security
Provides: heimdal
Obsoletes: heimdal
Requires: perl-Date-Calc
PreReq: %insserv_prereq %fillup_prereq
%description server
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes the kdc, kadmind
and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package devel
Summary: MIT Kerberos5 - Include Files and Libraries
Group: Development/Libraries/C and C++
PreReq: %{name} = %{version}
Requires: libcom_err
%if %{suse_version} > 1010
Requires: keyutils-devel
%endif
Provides: heimdal-tools-devel, heimdal-devel
Obsoletes: heimdal-tools-devel, heimdal-devel
%description devel
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes Libraries and
Include Files for Development
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%patch14
%patch15
%patch16
%patch17
%patch18
%patch20
%patch21
%patch22
#%patch23
%patch24
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--libexecdir=/usr/lib/mit/sbin \
--libdir=%{_libdir} \
--includedir=%{_includedir} \
--localstatedir=%{_localstatedir}/lib/kerberos \
--enable-shared \
--disable-static \
--enable-kdc-replay-cache \
--enable-dns-for-realm \
--with-system-et \
--with-system-ss
make %{?jobs:-j%jobs}
#make check
%install
rm -rf %{buildroot}
cd src
make DESTDIR=%{buildroot} install
cd ..
# install sample config files
# I'll probably do something about this later on
mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}/etc/profile.d/
mkdir -p %{buildroot}/var/log/krb5
mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
chmod 0755 ${lib}
done
# install init scripts
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
install -m 755 %{vendorFiles}/krb524d.init %{buildroot}%{_sysconfdir}/init.d/krb524d
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5kdc.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5kdc
install -m 644 %{vendorFiles}/kadmind.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/kadmind
find . -type f -name '*.ps' -exec gzip -9 {} \;
# create rc* links
mkdir -p %{buildroot}/usr/bin/
ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind
ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc
ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd
ln -sf ../../etc/init.d/krb524d %{buildroot}/usr/bin/rckrb524d
# create links for kinit and klist, because of the java ones
ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit
ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist
# install doc
install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT
install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/%{krb5docdir}/heimdal2mit-DumpConvert.pl
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/%{krb5docdir}/simple_convert_krb5conf.pl
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
#####################################################
# krb5 pre/post/postun
#####################################################
%pre
# test update from heimdal-lib
if `ls usr/lib/libotp.so* 2>/dev/null 1>/dev/null`
then
# we update from heimdal
echo "backup /etc/krb5.conf to /etc/krb5.conf.heimdal"
mv etc/krb5.conf etc/krb5.conf.heimdal
touch var/adm/fillup-templates/heimdal-update
if [ -e etc/krb5.keytab ]
then
echo "backup /etc/krb5.keytab to /etc/krb5.keytab.heimdal"
mv etc/krb5.keytab etc/krb5.keytab.heimdal
fi
fi
%post
%run_ldconfig
if [ -e var/adm/fillup-templates/heimdal-update ]
then
%_defaultdocdir/krb5/simple_convert_krb5conf.pl
rm -f /var/adm/fillup-templates/heimdal-update
fi
if [ ! -e etc/krb5.conf -a -e etc/krb5.conf.rpmnew ]
then
echo "moving /etc/krb5.conf.rpmnew to /etc/krb5.conf"
mv etc/krb5.conf.rpmnew etc/krb5.conf
fi
%postun
%run_ldconfig
#####################################################
# krb5-server preun/postun
#####################################################
%preun server
%stop_on_removal krb5kdc kadmind kpropd krb524d
%postun server
%restart_on_update krb5kdc kadmind kpropd krb524d
%{insserv_cleanup}
%clean
rm -rf %{buildroot}
########################################################
# files sections
########################################################
%files
%defattr(-,root,root)
%dir %{krb5docdir}
%attr(0700,root,root) %dir /var/log/krb5
%doc %{krb5docdir}/README
%doc %{krb5docdir}/simple_convert_krb5conf.pl
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%attr(0644,root,root) %config /etc/profile.d/krb5*
%{_libdir}/lib*.so.*
%{_libdir}/libgssapi_krb5.so
%files server
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5kdc
%config(noreplace) %{_sysconfdir}/logrotate.d/kadmind
%{_sysconfdir}/init.d/kadmind
%{_sysconfdir}/init.d/krb5kdc
%{_sysconfdir}/init.d/kpropd
%{_sysconfdir}/init.d/krb524d
%dir %{krb5docdir}
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
%dir %{_localstatedir}/lib/kerberos/
%dir %{_localstatedir}/lib/kerberos/krb5kdc
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%doc %{krb5docdir}/heimdal2mit-DumpConvert.pl
%doc %{krb5docdir}/README.ConvertHeimdalMIT
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
/usr/bin/rc*
/usr/lib/mit/sbin/kadmin.local
/usr/lib/mit/sbin/kadmind
/usr/lib/mit/sbin/kpropd
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/krb524d
/usr/lib/mit/sbin/EncryptWithMasterKey
%{_libdir}/krb5/plugins/kdb/*.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man8/kadmind.8*
%{_mandir}/man8/kadmin.local.8*
%{_mandir}/man8/kpropd.8*
%{_mandir}/man8/kprop.8*
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/krb524d.8*
/etc/sysconfig/SuSEfirewall2.d/services/k*
%files client
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
/usr/lib/mit/bin/kdestroy
/usr/lib/mit/bin/kpasswd
/usr/lib/mit/bin/klist
/usr/lib/mit/bin/krb524init
/usr/lib/mit/sbin/kadmin
/usr/lib/mit/sbin/ktutil
/usr/lib/mit/sbin/k5srvutil
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
%{_mandir}/man1/kinit.1*
%{_mandir}/man1/krb524init.1*
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/kerberos.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man8/kadmin.8*
%{_mandir}/man8/ktutil.8*
%{_mandir}/man8/k5srvutil.8*
%files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/login.krb5.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
# removed SUID bit
%attr(0755,root,root)/usr/lib/mit/bin/v4rcp
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/v4rcp.1*
%{_mandir}/man1/sclient.1*
%files devel
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/krb5-config
%{_libdir}/libdes425.so
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb4.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_includedir}/*
/usr/lib/mit/sbin/krb5-send-pr
%{_mandir}/man1/krb5-send-pr.1*
%{_mandir}/man1/krb5-config.1*
%changelog
* Wed Apr 11 2007 - mc@suse.de
- update krb5-1.6-post.dif
* fix kadmind stack overflow in krb5_klog_syslog
(MITKRB5-SA-2007-002 - CVE-2007-0957)
[#253548]
* fix double free attack in the RPC library
(MITKRB5-SA-2007-003 - CVE-2007-1216)
[#252487]
* fix krb5 telnetd login injection
(MIT-SA-2007-001 - CVE-2007-0956)
[#247765]
* Thu Mar 29 2007 - mc@suse.de
- add ncurses-devel and bison to BuildRequires
- rework some patches
* Mon Mar 05 2007 - mc@suse.de
- move SuSEFirewall service definitions to
/etc/sysconfig/SuSEfirewall2.d/services
* Thu Feb 22 2007 - mc@suse.de
- add firewall definition to krb5-server, FATE #300687
* Mon Feb 19 2007 - mc@suse.de
- update krb5-1.6-post.dif
- move some applications into the right package
* Fri Feb 09 2007 - mc@suse.de
- update krb5-1.6-post.dif
* Mon Jan 29 2007 - mc@suse.de
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
* Tue Jan 23 2007 - mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
* Mon Jan 22 2007 - mc@suse.de
- krb5-devel should require keyutils-devel
* Mon Jan 22 2007 - mc@suse.de
- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
- remove obsolete patches
* Wed Jan 10 2007 - mc@suse.de
- fix for
kadmind (via RPC library) calls uninitialized function pointer
(CVE-2006-6143)(Bug #225990)
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
kadmind (via GSS-API mechglue) frees uninitialized pointers
(CVE-2006-6144)(Bug #225992)
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
* Tue Jan 02 2007 - mc@suse.de
- Fix Requires in krb5-devel
[Bug #231008]
* Mon Nov 06 2006 - mc@suse.de
- fix "local variable used before set" [#217692]
- fix strncat warning
* Fri Oct 27 2006 - mc@suse.de
- add a default kadm5.dict file
- require $network on daemon start
* Wed Sep 13 2006 - mc@suse.de
- fix function call with too few arguments [#203837]
* Thu Aug 24 2006 - mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
* Fri Aug 11 2006 - mc@suse.de
- krb5 setuid return check fixes
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
[#182351]
* Mon Aug 07 2006 - mc@suse.de
- remove update-messages
* Mon Jul 24 2006 - mc@suse.de
- add check for krb5_prop in services to kpropd init script.
[#192446]
* Mon Jul 03 2006 - mc@suse.de
- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be
loaded at run-time.
* multi-mechanism GSS-API implementation ("mechglue"),
donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new
* Fri May 26 2006 - ro@suse.de
- libcom is not in e2fsck-devel but in its own package now, change
Requires accordingly.
* Mon Mar 27 2006 - mc@suse.de
- add all daemons to %%stop_on_removal and %%restart_on_update
- add reload to kpropd init script
- add force-reload to all init scripts
* Mon Mar 13 2006 - mc@suse.de
- add libgssapi_krb5.so link to main package [#147912]
* Fri Feb 03 2006 - mc@suse.de
- fix logging section for kadmind in convert script
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Jan 13 2006 - mc@suse.de
- change the logging defaults
* Wed Jan 11 2006 - mc@suse.de
- add tools and README for heimdal => MIT update
* Mon Jan 09 2006 - mc@suse.de
- fix build problems, define _GNU_SOURCE
(krb5-1.4.3-set_gnu_source.dif )
* Tue Jan 03 2006 - mc@suse.de
- added "make %%{?jobs:-j%%jobs}"
* Fri Nov 18 2005 - mc@suse.de
- update to version 1.4.3
* some memmory leaks fixed
* fix for "AS_REP padata has wrong enctype"
* fix for "AS_REP padata missing PA-ETYPE-INFO"
* ... and more
* Wed Nov 02 2005 - dmueller@suse.de
- don't build as root
* Tue Oct 11 2005 - mc@suse.de
- update to version 1.4.2
- remove some obsolet patches
* Mon Aug 08 2005 - mc@suse.de
- build with --disable-static
* Thu Aug 04 2005 - ro@suse.de
- remove devel-static subpackage
* Thu Jun 30 2005 - mc@suse.de
- better patch for princ_comp problem
* Mon Jun 27 2005 - mc@suse.de
- update to version 1.4.1
- remove obsolet patches
- krb5-1.4-gcc4.dif
- krb5-1.4-reduce-namespace-polution.dif
- krb5-1.4-VUL-0-telnet.dif
* Thu Jun 23 2005 - mc@suse.de
- fixed krb5 KDC heap corruption by random free
[#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
- fixed krb5 double free()
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
- fix krb5 NULL pointer reference while comparing principals
[#91600]
* Fri Jun 17 2005 - mc@suse.de
- fix uninitialized variables
- compile with -fPIE/ link with -pie
* Wed Apr 20 2005 - mc@suse.de
- fixed wrong xinetd files [#77149]
* Fri Apr 08 2005 - mt@suse.de
- removed krb5-1.4-fix-error_tables.dif patch obsoleted
by libcom_err locking patches
* Thu Apr 07 2005 - mc@suse.de
- fixed missing descriptions in init files
[#76164, #76165, #76166, #76169]
* Wed Mar 30 2005 - mc@suse.de
- enhance $PATH via /etc/profile.d/ [#74018]
- remove the "links to important programs"
* Fri Mar 18 2005 - mc@suse.de
- fixed not running converter script [#72854]
* Thu Mar 17 2005 - mc@suse.de
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
Overflow
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
Overflow
[#73618]
* Wed Mar 16 2005 - mc@suse.de
- fixed wrong PreReqs [#73020]
* Tue Mar 15 2005 - mc@suse.de
- add a simple krb5.conf converter [#72854]
* Mon Mar 14 2005 - mc@suse.de
- fixed: rckrb5kdc restart gives wrong status with non-running service
[#72446]
* Thu Mar 10 2005 - mc@suse.de
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
* Fri Feb 25 2005 - mc@suse.de
- fix double free [#66534]
krb5-1.4-fix-error_tables.dif
* Fri Feb 11 2005 - mc@suse.de
- change mode for shared libraries to 755
* Fri Feb 04 2005 - mc@suse.de
- remove spx.c from tarball because of legal risk
- add README.Source which tell the user about this
action.
- add a check for spx.c in the spec-file
- use rich-text for update-messages [#50250]
* Tue Feb 01 2005 - mc@suse.de
- add krb5-1.4-reduce-namespace-polution.dif
reduce namespace polution in gssapi.h [#50356]
* Fri Jan 28 2005 - mc@suse.de
- update to version 1.4
- Add implementation of the RPCSEC_GSS authentication flavor to the
RPC library.
- Thread safety for krb5 libraries.
- Merged Athena telnetd changes for creating a new option for
requiring encryption.
- The kadmind4 backwards-compatibility admin server and the v5passwdd
backwards-compatibility password-changing server have been removed.
- Yarrow code now uses AES.
- Merged Athena changes to allow ftpd to require encrypted passwords.
- Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
- remove obsolet patches
* Mon Jan 17 2005 - mc@suse.de
- add proofreaded update-messages
* Fri Jan 14 2005 - mc@suse.de
- remove Conflicts: and add Provides:
- add some insserv stuff
* Thu Jan 13 2005 - mc@suse.de
- move vendor files to vendor-files.tar.bz2
- add obsoletes: heimdal
- add %%pre and %%post sections to detect update
from heimdal and backup invalid configuration files
- add update-messages for heimdal update
* Mon Jan 10 2005 - mc@suse.de
- update to version 1.3.6
- fix for: heap buffer overflow in libkadm5srv
[CAN-2004-1189 / MITKRB5-SA-2004-004]
* Tue Dec 14 2004 - mc@suse.de
- build doc subpackage in an own specfile
- removed unnecessary neededforbuild requirements
* Wed Nov 24 2004 - coolo@suse.de
- fix build with gcc 4
* Mon Nov 15 2004 - mc@suse.de
- added Conflicts with heimdal*
- rename some manpages to avoid conflicts
* Thu Nov 04 2004 - mc@suse.de
- new init scripts
- fix logrotate scripts
- add some 64Bit fixes
- add default krb5.conf, kdc.conf and kadm5.acl
* Wed Nov 03 2004 - mc@suse.de
- add e2fsprogs to NFB
- use system-et and system-ss
- fix includes of com_err.h
* Thu Oct 28 2004 - mc@suse.de
- Initital checkin