krb5/krb5.spec

815 lines
27 KiB
RPMSpec
Raw Normal View History

#
# spec file for package krb5 (Version 1.6.2)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: krb5
Version: 1.6.2
Release: 18
BuildRequires: bison libcom_err-devel ncurses-devel
%if %{suse_version} > 1010
BuildRequires: keyutils keyutils-devel
%endif
%define srcRoot krb5-1.6.2
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/%{name}
Provides: heimdal-lib
Obsoletes: heimdal-lib
Summary: MIT Kerberos5 Implementation--Libraries
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
Source: krb5-1.6.2.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Source5: krb5-1.6.1-rpmlintrc
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.6.1-compile_pie.dif
Patch3: krb5-1.4-fix-segfault.dif
Patch4: krb5-1.6.2-post.dif
Patch6: trunk-EncryptWithMasterKey.dif
Patch14: warning-fix-lib-crypto-des.dif
Patch15: warning-fix-lib-crypto-dk.dif
Patch16: warning-fix-lib-crypto.dif
Patch17: warning-fix-lib-crypto-enc_provider.dif
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
Patch20: kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
#Patch23: trunk-install-preauth-header.dif
Patch24: krb5-1.5.1-fix-strncat-warning.dif
Patch25: krb5-1.6.1-init-salt-length.dif
Patch26: krb5-1.4.3-extra-check-kt_file.c.dif
Patch27: krb5-MITKRB5-SA-2007-006-fix-execute-code-2.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package client
Summary: MIT Kerberos5 implementation - client programs
Group: Productivity/Networking/Security
Provides: heimdal-tools, heimdal-x11
Obsoletes: heimdal-tools, heimdal-x11
%description client
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package server
Summary: MIT Kerberos5 implementation - server
Group: Productivity/Networking/Security
Provides: heimdal
Obsoletes: heimdal
Requires: perl-Date-Calc
PreReq: %insserv_prereq %fillup_prereq
%description server
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes the kdc, kadmind
and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package devel
Summary: MIT Kerberos5 - Include Files and Libraries
Group: Development/Libraries/C and C++
PreReq: %{name} = %{version}
Requires: libcom_err-devel
%if %{suse_version} > 1010
Requires: keyutils-devel
%endif
Provides: heimdal-tools-devel, heimdal-devel
Obsoletes: heimdal-tools-devel, heimdal-devel
%description devel
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes Libraries and
Include Files for Development
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch1
%patch2
%patch3
%patch4
%patch6
%patch14
%patch15
%patch16
%patch17
%patch18
%patch20
%patch21
%patch22
#%patch23
%patch24
%patch25
%patch26
%patch27
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--libexecdir=/usr/lib/mit/sbin \
--libdir=%{_libdir} \
--includedir=%{_includedir} \
--localstatedir=%{_localstatedir}/lib/kerberos \
--enable-shared \
--disable-static \
--enable-kdc-replay-cache \
--enable-dns-for-realm \
--with-system-et \
--with-system-ss
make %{?jobs:-j%jobs}
#make check
%install
rm -rf %{buildroot}
cd src
make DESTDIR=%{buildroot} install
cd ..
# install sample config files
# I'll probably do something about this later on
mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}/etc/profile.d/
mkdir -p %{buildroot}/var/log/krb5
mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
# create plugin directories
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
chmod 0755 ${lib}
done
# and binaries too
chmod 0755 %{buildroot}/usr/lib/mit/bin/v4rcp
chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu
# install init scripts
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
install -m 755 %{vendorFiles}/krb524d.init %{buildroot}%{_sysconfdir}/init.d/krb524d
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
find . -type f -name '*.ps' -exec gzip -9 {} \;
# create rc* links
mkdir -p %{buildroot}/usr/bin/
ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind
ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc
ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd
ln -sf ../../etc/init.d/krb524d %{buildroot}/usr/bin/rckrb524d
# create links for kinit and klist, because of the java ones
ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit
ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist
# install helper scripts
install -d -m 755 %{buildroot}/usr/lib/mit/helper
install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/usr/lib/mit/helper/heimdal2mit-DumpConvert.pl
install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/usr/lib/mit/helper/simple_convert_krb5conf.pl
# install doc
install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
#####################################################
# krb5 pre/post/postun
#####################################################
%pre
# test update from heimdal-lib
if `ls usr/lib/libotp.so* 2>/dev/null 1>/dev/null`
then
# we update from heimdal
echo "backup /etc/krb5.conf to /etc/krb5.conf.heimdal"
mv etc/krb5.conf etc/krb5.conf.heimdal
touch var/adm/fillup-templates/heimdal-update
if [ -e etc/krb5.keytab ]
then
echo "backup /etc/krb5.keytab to /etc/krb5.keytab.heimdal"
mv etc/krb5.keytab etc/krb5.keytab.heimdal
fi
fi
%post
%run_ldconfig
if [ -e var/adm/fillup-templates/heimdal-update ]
then
/usr/lib/mit/helper/simple_convert_krb5conf.pl
rm -f /var/adm/fillup-templates/heimdal-update
fi
if [ ! -e etc/krb5.conf -a -e etc/krb5.conf.rpmnew ]
then
echo "moving /etc/krb5.conf.rpmnew to /etc/krb5.conf"
mv etc/krb5.conf.rpmnew etc/krb5.conf
fi
%postun
%run_ldconfig
#####################################################
# krb5-server preun/postun
#####################################################
%preun server
%stop_on_removal krb5kdc kadmind kpropd krb524d
%postun server
%restart_on_update krb5kdc kadmind kpropd krb524d
%{insserv_cleanup}
%clean
rm -rf %{buildroot}
########################################################
# files sections
########################################################
%files
%defattr(-,root,root)
%dir %{krb5docdir}
# add plugin directories
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/libkrb5
%dir /usr/lib/mit/helper
# add log directory
%attr(0700,root,root) %dir /var/log/krb5
%doc %{krb5docdir}/README
/usr/lib/mit/helper/simple_convert_krb5conf.pl
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%attr(0644,root,root) %config /etc/profile.d/krb5*
%{_libdir}/lib*.so.*
%{_libdir}/libgssapi_krb5.so
%files server
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
%{_sysconfdir}/init.d/kadmind
%{_sysconfdir}/init.d/krb5kdc
%{_sysconfdir}/init.d/kpropd
%{_sysconfdir}/init.d/krb524d
%dir %{krb5docdir}
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
%dir /usr/lib/mit/helper
%dir %{_localstatedir}/lib/kerberos/
%dir %{_localstatedir}/lib/kerberos/krb5kdc
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%doc %{krb5docdir}/README.ConvertHeimdalMIT
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
/usr/bin/rc*
/usr/lib/mit/sbin/kadmin.local
/usr/lib/mit/sbin/kadmind
/usr/lib/mit/sbin/kpropd
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/krb524d
/usr/lib/mit/sbin/EncryptWithMasterKey
/usr/lib/mit/helper/heimdal2mit-DumpConvert.pl
%{_libdir}/krb5/plugins/kdb/*.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man8/kadmind.8*
%{_mandir}/man8/kadmin.local.8*
%{_mandir}/man8/kpropd.8*
%{_mandir}/man8/kprop.8*
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/krb524d.8*
/etc/sysconfig/SuSEfirewall2.d/services/k*
%files client
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
/usr/lib/mit/bin/kdestroy
/usr/lib/mit/bin/kpasswd
/usr/lib/mit/bin/klist
/usr/lib/mit/bin/krb524init
/usr/lib/mit/sbin/kadmin
/usr/lib/mit/sbin/ktutil
/usr/lib/mit/sbin/k5srvutil
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
%{_mandir}/man1/kinit.1*
%{_mandir}/man1/krb524init.1*
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/kerberos.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man8/kadmin.8*
%{_mandir}/man8/ktutil.8*
%{_mandir}/man8/k5srvutil.8*
%files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/login.krb5.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
# removed SUID bit
%attr(0755,root,root)/usr/lib/mit/bin/v4rcp
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/v4rcp.1*
%{_mandir}/man1/sclient.1*
%files devel
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/krb5-config
%{_libdir}/libdes425.so
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb4.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_includedir}/*
/usr/lib/mit/sbin/krb5-send-pr
%{_mandir}/man1/krb5-send-pr.1*
%{_mandir}/man1/krb5-config.1*
%changelog
* Tue Sep 11 2007 - mc@suse.de
- update krb5-1.6.2-post.dif
* new -S sname option for kvno
* read_entropy_from_device on partial read will not fill buffer
* Bail out if encoded "ticket" doesn't decode correctly.
* patch for referrals loop
* Thu Sep 06 2007 - mc@suse.de
- fix a problem with the originally published patch
for MITKRB5-SA-2007-006 - CVE-2007-3999
[#302377]
* Wed Sep 05 2007 - mc@suse.de
- fix execute arbitrary code
(MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
[#302377]
* Tue Aug 07 2007 - mc@suse.de
- add krb5-1.6.2-post.dif
* during the referrals loop, check to see if the
session key enctype of a returned credential for the final
service is among the enctypes explicitly selected by the
application, and retry with old_use_conf_ktypes if it is not.
* If mkstemp() is available, the new ccache file gets created but
the subsequent open(O_CREAT|O_EXCL) call fails because the file
was already created by mkstemp(). Apply patch from Apple to keep
the file descriptor open.
* Thu Jul 12 2007 - mc@suse.de
- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release
* Thu Jul 05 2007 - mc@suse.de
- change requires to libcom_err-devel
* Mon Jul 02 2007 - mc@suse.de
- update krb5-1.6.1-post.dif
* fix leak in krb5_walk_realm_tree
* rd_req_decoded needs to deal with referral realms
* fix buffer overflow in kadmind
(MITKRB5-SA-2007-005 - CVE-2007-2798)
[#278689]
* fix kadmind code execution bug
(MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
[#271191]
* Thu Jun 14 2007 - mc@suse.de
- fix unstripped-binary-or-object rpmlint warning
* Mon Jun 11 2007 - sschober@suse.de
- fixing rpmlint warnings and errors:
* merged logrotate scripts kadmin and krb5kdc into a single file
krb5-server.
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
* added surpression filter for
"devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
(see [#147912]).
* set default runlevel of init scripts in chkconfig line to 3 and
5
* Wed May 09 2007 - mc@suse.de
- fix uninitialized salt length
- add extra check for keytab file
* Thu May 03 2007 - mc@suse.de
- adding krb5-1.6.1-post.dif
* fix segfault in krb5_get_init_creds_password
* remove debug output in ftp client
* profile stores empty string values without double quotes
* Mon Apr 23 2007 - mc@suse.de
- update to final 1.6.1 version
* Wed Apr 18 2007 - mc@suse.de
- add plugin directories to main package
* Mon Apr 16 2007 - mc@suse.de
- update to version 1.6.1 Beta1
- remove obsolete patches
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch
* Wed Apr 11 2007 - mc@suse.de
- update krb5-1.6-post.dif
* fix kadmind stack overflow in krb5_klog_syslog
(MITKRB5-SA-2007-002 - CVE-2007-0957)
[#253548]
* fix double free attack in the RPC library
(MITKRB5-SA-2007-003 - CVE-2007-1216)
[#252487]
* fix krb5 telnetd login injection
(MIT-SA-2007-001 - CVE-2007-0956)
[#247765]
* Thu Mar 29 2007 - mc@suse.de
- add ncurses-devel and bison to BuildRequires
- rework some patches
* Mon Mar 05 2007 - mc@suse.de
- move SuSEFirewall service definitions to
/etc/sysconfig/SuSEfirewall2.d/services
* Thu Feb 22 2007 - mc@suse.de
- add firewall definition to krb5-server, FATE #300687
* Mon Feb 19 2007 - mc@suse.de
- update krb5-1.6-post.dif
- move some applications into the right package
* Fri Feb 09 2007 - mc@suse.de
- update krb5-1.6-post.dif
* Mon Jan 29 2007 - mc@suse.de
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
* Tue Jan 23 2007 - mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
* Mon Jan 22 2007 - mc@suse.de
- krb5-devel should require keyutils-devel
* Mon Jan 22 2007 - mc@suse.de
- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
- remove obsolete patches
* Wed Jan 10 2007 - mc@suse.de
- fix for
kadmind (via RPC library) calls uninitialized function pointer
(CVE-2006-6143)(Bug #225990)
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
kadmind (via GSS-API mechglue) frees uninitialized pointers
(CVE-2006-6144)(Bug #225992)
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
* Tue Jan 02 2007 - mc@suse.de
- Fix Requires in krb5-devel
[Bug #231008]
* Mon Nov 06 2006 - mc@suse.de
- fix "local variable used before set" [#217692]
- fix strncat warning
* Fri Oct 27 2006 - mc@suse.de
- add a default kadm5.dict file
- require $network on daemon start
* Wed Sep 13 2006 - mc@suse.de
- fix function call with too few arguments [#203837]
* Thu Aug 24 2006 - mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
* trunk-fix-uninitialized-vars.dif
* Fri Aug 11 2006 - mc@suse.de
- krb5 setuid return check fixes
krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
[#182351]
* Mon Aug 07 2006 - mc@suse.de
- remove update-messages
* Mon Jul 24 2006 - mc@suse.de
- add check for krb5_prop in services to kpropd init script.
[#192446]
* Mon Jul 03 2006 - mc@suse.de
- update to version 1.5
* KDB abstraction layer, donated by Novell.
* plug-in architecture, allowing for extension modules to be
loaded at run-time.
* multi-mechanism GSS-API implementation ("mechglue"),
donated by Sun Microsystems
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
implementation, donated by Sun Microsystems
- remove obsolete patches and add some new
* Fri May 26 2006 - ro@suse.de
- libcom is not in e2fsck-devel but in its own package now, change
Requires accordingly.
* Mon Mar 27 2006 - mc@suse.de
- add all daemons to %%stop_on_removal and %%restart_on_update
- add reload to kpropd init script
- add force-reload to all init scripts
* Mon Mar 13 2006 - mc@suse.de
- add libgssapi_krb5.so link to main package [#147912]
* Fri Feb 03 2006 - mc@suse.de
- fix logging section for kadmind in convert script
* Wed Jan 25 2006 - mls@suse.de
- converted neededforbuild to BuildRequires
* Fri Jan 13 2006 - mc@suse.de
- change the logging defaults
* Wed Jan 11 2006 - mc@suse.de
- add tools and README for heimdal => MIT update
* Mon Jan 09 2006 - mc@suse.de
- fix build problems, define _GNU_SOURCE
(krb5-1.4.3-set_gnu_source.dif )
* Tue Jan 03 2006 - mc@suse.de
- added "make %%{?jobs:-j%%jobs}"
* Fri Nov 18 2005 - mc@suse.de
- update to version 1.4.3
* some memmory leaks fixed
* fix for "AS_REP padata has wrong enctype"
* fix for "AS_REP padata missing PA-ETYPE-INFO"
* ... and more
* Wed Nov 02 2005 - dmueller@suse.de
- don't build as root
* Tue Oct 11 2005 - mc@suse.de
- update to version 1.4.2
- remove some obsolet patches
* Mon Aug 08 2005 - mc@suse.de
- build with --disable-static
* Thu Aug 04 2005 - ro@suse.de
- remove devel-static subpackage
* Thu Jun 30 2005 - mc@suse.de
- better patch for princ_comp problem
* Mon Jun 27 2005 - mc@suse.de
- update to version 1.4.1
- remove obsolet patches
- krb5-1.4-gcc4.dif
- krb5-1.4-reduce-namespace-polution.dif
- krb5-1.4-VUL-0-telnet.dif
* Thu Jun 23 2005 - mc@suse.de
- fixed krb5 KDC heap corruption by random free
[#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
- fixed krb5 double free()
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
- fix krb5 NULL pointer reference while comparing principals
[#91600]
* Fri Jun 17 2005 - mc@suse.de
- fix uninitialized variables
- compile with -fPIE/ link with -pie
* Wed Apr 20 2005 - mc@suse.de
- fixed wrong xinetd files [#77149]
* Fri Apr 08 2005 - mt@suse.de
- removed krb5-1.4-fix-error_tables.dif patch obsoleted
by libcom_err locking patches
* Thu Apr 07 2005 - mc@suse.de
- fixed missing descriptions in init files
[#76164, #76165, #76166, #76169]
* Wed Mar 30 2005 - mc@suse.de
- enhance $PATH via /etc/profile.d/ [#74018]
- remove the "links to important programs"
* Fri Mar 18 2005 - mc@suse.de
- fixed not running converter script [#72854]
* Thu Mar 17 2005 - mc@suse.de
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
Overflow
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
Overflow
[#73618]
* Wed Mar 16 2005 - mc@suse.de
- fixed wrong PreReqs [#73020]
* Tue Mar 15 2005 - mc@suse.de
- add a simple krb5.conf converter [#72854]
* Mon Mar 14 2005 - mc@suse.de
- fixed: rckrb5kdc restart gives wrong status with non-running service
[#72446]
* Thu Mar 10 2005 - mc@suse.de
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
* Fri Feb 25 2005 - mc@suse.de
- fix double free [#66534]
krb5-1.4-fix-error_tables.dif
* Fri Feb 11 2005 - mc@suse.de
- change mode for shared libraries to 755
* Fri Feb 04 2005 - mc@suse.de
- remove spx.c from tarball because of legal risk
- add README.Source which tell the user about this
action.
- add a check for spx.c in the spec-file
- use rich-text for update-messages [#50250]
* Tue Feb 01 2005 - mc@suse.de
- add krb5-1.4-reduce-namespace-polution.dif
reduce namespace polution in gssapi.h [#50356]
* Fri Jan 28 2005 - mc@suse.de
- update to version 1.4
- Add implementation of the RPCSEC_GSS authentication flavor to the
RPC library.
- Thread safety for krb5 libraries.
- Merged Athena telnetd changes for creating a new option for
requiring encryption.
- The kadmind4 backwards-compatibility admin server and the v5passwdd
backwards-compatibility password-changing server have been removed.
- Yarrow code now uses AES.
- Merged Athena changes to allow ftpd to require encrypted passwords.
- Incorporate gss_krb5_set_allowable_enctypes() and
gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
- remove obsolet patches
* Mon Jan 17 2005 - mc@suse.de
- add proofreaded update-messages
* Fri Jan 14 2005 - mc@suse.de
- remove Conflicts: and add Provides:
- add some insserv stuff
* Thu Jan 13 2005 - mc@suse.de
- move vendor files to vendor-files.tar.bz2
- add obsoletes: heimdal
- add %%pre and %%post sections to detect update
from heimdal and backup invalid configuration files
- add update-messages for heimdal update
* Mon Jan 10 2005 - mc@suse.de
- update to version 1.3.6
- fix for: heap buffer overflow in libkadm5srv
[CAN-2004-1189 / MITKRB5-SA-2004-004]
* Tue Dec 14 2004 - mc@suse.de
- build doc subpackage in an own specfile
- removed unnecessary neededforbuild requirements
* Wed Nov 24 2004 - coolo@suse.de
- fix build with gcc 4
* Mon Nov 15 2004 - mc@suse.de
- added Conflicts with heimdal*
- rename some manpages to avoid conflicts
* Thu Nov 04 2004 - mc@suse.de
- new init scripts
- fix logrotate scripts
- add some 64Bit fixes
- add default krb5.conf, kdc.conf and kadm5.acl
* Wed Nov 03 2004 - mc@suse.de
- add e2fsprogs to NFB
- use system-et and system-ss
- fix includes of com_err.h
* Thu Oct 28 2004 - mc@suse.de
- Initital checkin