OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=29

2008-01-23 21:04:40 +00:00 · 2008-01-23 21:04:40 +00:00 · 1decc015c4
commit 1decc015c4
parent c454ede08e
8 changed files with 227 additions and 129 deletions
--- a/krb5-1.6-fix-CVE-2007-5894.dif
+++ b/krb5-1.6-fix-CVE-2007-5894.dif
@ -0,0 +1,13 @@
 Index: src/appl/gssftp/ftpd/ftpd.c
 ===================================================================
 --- src/appl/gssftp/ftpd/ftpd.c.orig
 +++ src/appl/gssftp/ftpd/ftpd.c
@@ -1823,7 +1823,7 @@ reply(n, fmt, p0, p1, p2, p3, p4, p5)
 		 * radix_encode, gss_seal, plus slop.
 		 */
 		char in[FTP_BUFSIZ*3/2], out[FTP_BUFSIZ*3/2];
 -		int length, kerror;
 +		int length = 0, kerror;
 		if (n) sprintf(in, "%d%c", n, cont_char);
 		else in[0] = '\0';
 		strncat(in, buf, sizeof (in) - strlen(in) - 1);
--- a/krb5-1.6-fix-CVE-2007-5902.dif
+++ b/krb5-1.6-fix-CVE-2007-5902.dif
@ -0,0 +1,13 @@
 Index: src/lib/rpc/svc_auth_gss.c
 ===================================================================
 --- src/lib/rpc/svc_auth_gss.c.orig
 +++ src/lib/rpc/svc_auth_gss.c
@@ -671,7 +671,7 @@ svcauth_gss_get_principal(SVCAUTH *auth)
 	gd = SVCAUTH_PRIVATE(auth);
 -	if (gd->cname.length == 0)
 +	if (gd->cname.length == 0 || gd->cname.length >= SIZE_MAX)
 		return (NULL);
 	if ((pname = malloc(gd->cname.length + 1)) == NULL)
--- a/krb5-1.6-fix-CVE-2007-5971.dif
+++ b/krb5-1.6-fix-CVE-2007-5971.dif
@ -0,0 +1,25 @@
 Index: src/lib/gssapi/krb5/k5sealv3.c
 ===================================================================
 --- src/lib/gssapi/krb5/k5sealv3.c.orig
 +++ src/lib/gssapi/krb5/k5sealv3.c
@@ -248,7 +248,6 @@ gss_krb5int_make_seal_token_v3 (krb5_con
 	plain.data = 0;
 	if (err) {
 	    zap(outbuf,bufsize);
 -	    free(outbuf);
 	    goto error;
 	}
 	if (sum.length != ctx->cksum_size)
 Index: src/lib/gssapi/mechglue/g_initialize.c
 ===================================================================
 --- src/lib/gssapi/mechglue/g_initialize.c.orig
 +++ src/lib/gssapi/mechglue/g_initialize.c
@@ -208,7 +208,7 @@ gss_OID_set *mechSet;
 				free((*mechSet)->elements[j].elements);
 			}
 			free((*mechSet)->elements);
 -			free(mechSet);
 +			free(*mechSet);
 			*mechSet = NULL;
 			return (GSS_S_FAILURE);
 		}
--- a/krb5-1.6-fix-CVE-2007-5972.dif
+++ b/krb5-1.6-fix-CVE-2007-5972.dif
@ -0,0 +1,14 @@
 Index: src/lib/kdb/kdb_default.c
 ===================================================================
 --- src/lib/kdb/kdb_default.c.orig
 +++ src/lib/kdb/kdb_default.c
@@ -185,8 +185,7 @@ krb5_def_store_mkey(context, keyfile, mn
 		kf) != key->length)) {
 	retval = errno;
 	(void) fclose(kf);
 -    }
 -    if (fclose(kf) == EOF)
 +    } else if (fclose(kf) == EOF)
 	retval = errno;
 #if HAVE_UMASK
     (void) umask(oumask);
--- a/krb5-doc.spec
+++ b/krb5-doc.spec
@ -1,7 +1,7 @@
 #
 # spec file for package krb5-doc (Version 1.6.3)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -13,7 +13,7 @@
 Name:           krb5-doc
 BuildRequires:  ghostscript-library latex2html texlive
 Version:        1.6.3
-Release:        16
+Release:        30
 %define srcRoot krb5-1.6.3
 Summary:        MIT Kerberos5 Implementation--Documentation
 License:        X11/MIT
@ -90,41 +90,41 @@ rm -rf %{buildroot}
 %doc doc/html
 %changelog
-* Tue Oct 23 2007 - mc@suse.de
+* Tue Oct 23 2007 mc@suse.de
 - update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
 - remove patches which are upstream now
 - enhance init scripts and xinetd profiles
-* Thu Jul 12 2007 - mc@suse.de
+* Thu Jul 12 2007 mc@suse.de
 - update to version 1.6.2
 - remove krb5-1.6.1-post.dif all fixes are included in this release
-* Wed Jun 13 2007 - sschober@suse.de
+* Wed Jun 13 2007 sschober@suse.de
 - removed executable permission from doc file
-* Mon Apr 23 2007 - mc@suse.de
+* Mon Apr 23 2007 mc@suse.de
 - update to final 1.6.1 version
 - replace te_ams with texlive in BuildRequires
-* Wed Apr 18 2007 - mc@suse.de
+* Wed Apr 18 2007 mc@suse.de
 - build implementor.ps
-* Mon Apr 16 2007 - mc@suse.de
+* Mon Apr 16 2007 mc@suse.de
 - update to version 1.6.1 Beta1
 - remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
-* Mon Feb 19 2007 - mc@suse.de
+* Mon Feb 19 2007 mc@suse.de
 - add krb5-1.6-post.dif
-* Mon Jan 22 2007 - mc@suse.de
+* Mon Jan 22 2007 mc@suse.de
 - update to version 1.6
  * Major changes in 1.6 include
  * Partial client implementation to handle server name referrals.
  * Pre-authentication plug-in framework, donated by Red Hat.
  * LDAP KDB plug-in, donated by Novell.
-* Thu Aug 24 2006 - mc@suse.de
+* Thu Aug 24 2006 mc@suse.de
 - update to version 1.5.1
 - remove obsolete patches which are now included upstream
  * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  * trunk-fix-uninitialized-vars.dif
-* Mon Jul 03 2006 - mc@suse.de
+* Mon Jul 03 2006 mc@suse.de
 - update to version 1.5
  * KDB abstraction layer, donated by Novell.
  * plug-in architecture, allowing for extension modules to be
@ -134,34 +134,34 @@ rm -rf %{buildroot}
  * Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
  implementation, donated by Sun Microsystems
 - remove obsolete patches and add some new
-* Mon Mar 13 2006 - mc@suse.de
+* Mon Mar 13 2006 mc@suse.de
 - set BuildArchitectures to noarch
 - set norootforbuild
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
 - converted neededforbuild to BuildRequires
-* Fri Nov 18 2005 - mc@suse.de
+* Fri Nov 18 2005 mc@suse.de
 - update to version 1.4.3
 - fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif)
-* Wed Oct 12 2005 - mc@suse.de
+* Wed Oct 12 2005 mc@suse.de
 - build kadm5 documentation
 - build documentation also as html
 - include the text only documentation
-* Tue Oct 11 2005 - mc@suse.de
+* Tue Oct 11 2005 mc@suse.de
 - update to version 1.4.2
 - remove some obsolet patches
-* Mon Jun 27 2005 - mc@suse.de
+* Mon Jun 27 2005 mc@suse.de
 - update to version 1.4.1
 - remove obsolet patches
  - krb5-1.4-VUL-0-telnet.dif
-* Thu Feb 10 2005 - ro@suse.de
+* Thu Feb 10 2005 ro@suse.de
 - added libpng to neededforbuild (for tetex)
-* Fri Feb 04 2005 - mc@suse.de
+* Fri Feb 04 2005 mc@suse.de
 - remove spx.c from tarball because of legal risk
 - add README.Source which tell the user about this
  action.
-* Fri Jan 28 2005 - mc@suse.de
+* Fri Jan 28 2005 mc@suse.de
 - update to version 1.4
-* Mon Jan 10 2005 - mc@suse.de
+* Mon Jan 10 2005 mc@suse.de
 - update to version 1.3.6
-* Tue Dec 14 2004 - mc@suse.de
+* Tue Dec 14 2004 mc@suse.de
 - initial release
--- a/krb5-plugins.spec
+++ b/krb5-plugins.spec
@ -1,7 +1,7 @@
 #
 # spec file for package krb5-plugins (Version 1.6.3)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -13,7 +13,7 @@
 Name:           krb5-plugins
 Version:        1.6.3
-Release:        3
+Release:        4
 BuildRequires:  bison krb5-devel ncurses-devel openldap2-devel
 %define srcRoot krb5-1.6.3
 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
@ -48,6 +48,10 @@ Patch31:        krb5-1.6-ldap-man.dif
 Patch32:        krb5-1.4.3-enospc.dif
 Patch33:        krb5-1.3.3-rcp-markus.dif
 Patch34:        gssapi_improve_errormessages.dif
 Patch35:        krb5-1.6-fix-CVE-2007-5894.dif
 Patch36:        krb5-1.6-fix-CVE-2007-5902.dif
 Patch37:        krb5-1.6-fix-CVE-2007-5971.dif
 Patch38:        krb5-1.6-fix-CVE-2007-5972.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 %description
@ -134,6 +138,10 @@ fi
 %patch32 -p1
 %patch33 -p1
 %patch34 -p1
 %patch35
 %patch36
 %patch37
 %patch38
 cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
 # Rename the man pages so that they'll get generated correctly.
 pushd src
@ -248,35 +256,35 @@ rm -rf %{buildroot}
 %{_libdir}/krb5/plugins/preauth/pkinit.so
 %changelog
-* Tue Dec 04 2007 - mc@suse.de
+* Tue Dec 04 2007 mc@suse.de
 - improve GSSAPI error messages
-* Tue Oct 23 2007 - mc@suse.de
+* Tue Oct 23 2007 mc@suse.de
 - update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
 - remove patches which are upstream now
 - enhance init scripts and xinetd profiles
-* Fri Sep 14 2007 - mc@suse.de
+* Fri Sep 14 2007 mc@suse.de
 - update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
  that the client library will not failover to the next KDC.
  [#310540]
-* Tue Sep 11 2007 - mc@suse.de
+* Tue Sep 11 2007 mc@suse.de
 - update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop
-* Thu Sep 06 2007 - mc@suse.de
+* Thu Sep 06 2007 mc@suse.de
 - fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377]
-* Wed Sep 05 2007 - mc@suse.de
+* Wed Sep 05 2007 mc@suse.de
 - fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377]
-* Tue Aug 07 2007 - mc@suse.de
+* Tue Aug 07 2007 mc@suse.de
 - add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
  session key enctype of a returned credential for the final
@ -286,10 +294,10 @@ rm -rf %{buildroot}
  the subsequent open(O_CREAT|O_EXCL) call fails because the file
  was already created by mkstemp(). Apply patch from Apple to keep
  the file descriptor open.
-* Thu Jul 12 2007 - mc@suse.de
+* Thu Jul 12 2007 mc@suse.de
 - update to version 1.6.2
 - remove krb5-1.6.1-post.dif all fixes are included in this release
-* Mon Jul 02 2007 - mc@suse.de
+* Mon Jul 02 2007 mc@suse.de
 - update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms
@ -299,22 +307,22 @@ rm -rf %{buildroot}
  * fix kadmind code execution bug
  (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
  [#271191]
-* Wed May 09 2007 - mc@suse.de
+* Wed May 09 2007 mc@suse.de
 - fix uninitialized salt length
 - add extra check for keytab file
-* Thu May 03 2007 - mc@suse.de
+* Thu May 03 2007 mc@suse.de
 - adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password
  * remove debug output in ftp client
  * profile stores empty string values without double quotes
-* Mon Apr 23 2007 - mc@suse.de
+* Mon Apr 23 2007 mc@suse.de
 - update to final 1.6.1 version
-* Mon Apr 16 2007 - mc@suse.de
+* Mon Apr 16 2007 mc@suse.de
 - update to version 1.6.1 Beta1
 - remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
 - rework compile_pie patch
-* Wed Apr 11 2007 - mc@suse.de
+* Wed Apr 11 2007 mc@suse.de
 - update krb5-1.6-post.dif
  * fix kadmind stack overflow in krb5_klog_syslog
  (MITKRB5-SA-2007-002 - CVE-2007-0957)
@ -325,24 +333,24 @@ rm -rf %{buildroot}
  * fix krb5 telnetd login injection
  (MIT-SA-2007-001 - CVE-2007-0956)
  [#247765]
-* Thu Mar 29 2007 - mc@suse.de
+* Thu Mar 29 2007 mc@suse.de
 - add ncurses-devel and bison to BuildRequires
 - rework some patches
-* Mon Feb 19 2007 - mc@suse.de
+* Mon Feb 19 2007 mc@suse.de
 - update krb5-1.6-post.dif
-* Fri Feb 09 2007 - mc@suse.de
+* Fri Feb 09 2007 mc@suse.de
 - update krb5-1.6-post.dif
-* Mon Jan 29 2007 - ro@suse.de
+* Mon Jan 29 2007 ro@suse.de
 - no main package, no debuginfo
-* Mon Jan 29 2007 - mc@suse.de
+* Mon Jan 29 2007 mc@suse.de
 - krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
 - fix leak in krb5_kt_resolve and krb5_kt_wresolve
-* Tue Jan 23 2007 - mc@suse.de
+* Tue Jan 23 2007 mc@suse.de
 - fix "local variable used before set" in ftp.c
  [#237684]
 - use less BuildRequires
-* Mon Jan 22 2007 - mc@suse.de
+* Mon Jan 22 2007 mc@suse.de
 - initial release (version 1.6)
  * Major changes in 1.6 include
  * Partial client implementation to handle server name referrals.
--- a/krb5.changes
+++ b/krb5.changes
@ -1,3 +1,13 @@
 -------------------------------------------------------------------
 Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
 - fix several security bugs:
  * CVE-2007-5894 apparent uninit length
  * CVE-2007-5902 integer overflow
  * CVE-2007-5971 free of non-heap pointer and double-free
  * CVE-2007-5972 double fclose()
  [#346745, #346748, #346746, #346749, #346747]
 -------------------------------------------------------------------
 Tue Dec  4 16:36:07 CET 2007 - mc@suse.de
--- a/krb5.spec
+++ b/krb5.spec
@ -1,7 +1,7 @@
 #
 # spec file for package krb5 (Version 1.6.3)
 #
-# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
+# Copyright (c) 2008 SUSE LINUX Products GmbH, Nuernberg, Germany.
 # This file and all modifications and additions to the pristine
 # package are under the same license as the package itself.
 #
@ -12,7 +12,7 @@
 Name:           krb5
 Version:        1.6.3
-Release:        11
+Release:        20
 BuildRequires:  bison libcom_err-devel ncurses-devel
 %if %{suse_version} > 1010
 BuildRequires:  keyutils keyutils-devel
@ -52,6 +52,10 @@ Patch31:        krb5-1.6-ldap-man.dif
 Patch32:        krb5-1.4.3-enospc.dif
 Patch33:        krb5-1.3.3-rcp-markus.dif
 Patch34:        gssapi_improve_errormessages.dif
 Patch35:        krb5-1.6-fix-CVE-2007-5894.dif
 Patch36:        krb5-1.6-fix-CVE-2007-5902.dif
 Patch37:        krb5-1.6-fix-CVE-2007-5971.dif
 Patch38:        krb5-1.6-fix-CVE-2007-5972.dif
 BuildRoot:      %{_tmppath}/%{name}-%{version}-build
 PreReq:         mktemp, grep, /bin/touch, coreutils 
@ -206,6 +210,10 @@ fi
 %patch32 -p1
 %patch33 -p1
 %patch34 -p1
 %patch35 
 %patch36
 %patch37
 %patch38
 cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
 # Rename the man pages so that they'll get generated correctly.
 pushd src
@ -522,37 +530,44 @@ rm -rf %{buildroot}
 %{_mandir}/man1/krb5-config.1*
 %changelog
-* Tue Dec 04 2007 - mc@suse.de
+* Fri Dec 14 2007 mc@suse.de
 - fix several security bugs:
  * CVE-2007-5894 apparent uninit length
  * CVE-2007-5902 integer overflow
  * CVE-2007-5971 free of non-heap pointer and double-free
  * CVE-2007-5972 double fclose()
  [#346745, #346748, #346746, #346749, #346747]
 * Tue Dec 04 2007 mc@suse.de
 - improve GSSAPI error messages
-* Tue Nov 06 2007 - mc@suse.de
+* Tue Nov 06 2007 mc@suse.de
 - add coreutils to PreReq
-* Tue Oct 23 2007 - mc@suse.de
+* Tue Oct 23 2007 mc@suse.de
 - update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
 - remove patches which are upstream now
 - enhance init scripts and xinetd profiles
-* Fri Sep 14 2007 - mc@suse.de
+* Fri Sep 14 2007 mc@suse.de
 - update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
  that the client library will not failover to the next KDC.
  [#310540]
-* Tue Sep 11 2007 - mc@suse.de
+* Tue Sep 11 2007 mc@suse.de
 - update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop
-* Thu Sep 06 2007 - mc@suse.de
+* Thu Sep 06 2007 mc@suse.de
 - fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377]
-* Wed Sep 05 2007 - mc@suse.de
+* Wed Sep 05 2007 mc@suse.de
 - fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377]
-* Tue Aug 07 2007 - mc@suse.de
+* Tue Aug 07 2007 mc@suse.de
 - add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
  session key enctype of a returned credential for the final
@ -562,12 +577,12 @@ rm -rf %{buildroot}
  the subsequent open(O_CREAT|O_EXCL) call fails because the file
  was already created by mkstemp(). Apply patch from Apple to keep
  the file descriptor open.
-* Thu Jul 12 2007 - mc@suse.de
+* Thu Jul 12 2007 mc@suse.de
 - update to version 1.6.2
 - remove krb5-1.6.1-post.dif all fixes are included in this release
-* Thu Jul 05 2007 - mc@suse.de
+* Thu Jul 05 2007 mc@suse.de
 - change requires to libcom_err-devel
-* Mon Jul 02 2007 - mc@suse.de
+* Mon Jul 02 2007 mc@suse.de
 - update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms
@ -577,9 +592,9 @@ rm -rf %{buildroot}
  * fix kadmind code execution bug
  (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
  [#271191]
-* Thu Jun 14 2007 - mc@suse.de
+* Thu Jun 14 2007 mc@suse.de
 - fix unstripped-binary-or-object rpmlint warning
-* Mon Jun 11 2007 - sschober@suse.de
+* Mon Jun 11 2007 sschober@suse.de
 - fixing rpmlint warnings and errors:
  * merged logrotate scripts kadmin and krb5kdc into a single file
  krb5-server.
@ -591,24 +606,24 @@ rm -rf %{buildroot}
  (see [#147912]).
  * set default runlevel of init scripts in chkconfig line to 3 and
  5
-* Wed May 09 2007 - mc@suse.de
+* Wed May 09 2007 mc@suse.de
 - fix uninitialized salt length
 - add extra check for keytab file
-* Thu May 03 2007 - mc@suse.de
+* Thu May 03 2007 mc@suse.de
 - adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password
  * remove debug output in ftp client
  * profile stores empty string values without double quotes
-* Mon Apr 23 2007 - mc@suse.de
+* Mon Apr 23 2007 mc@suse.de
 - update to final 1.6.1 version
-* Wed Apr 18 2007 - mc@suse.de
+* Wed Apr 18 2007 mc@suse.de
 - add plugin directories to main package
-* Mon Apr 16 2007 - mc@suse.de
+* Mon Apr 16 2007 mc@suse.de
 - update to version 1.6.1 Beta1
 - remove obsolete patches
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
 - rework compile_pie patch
-* Wed Apr 11 2007 - mc@suse.de
+* Wed Apr 11 2007 mc@suse.de
 - update krb5-1.6-post.dif
  * fix kadmind stack overflow in krb5_klog_syslog
  (MITKRB5-SA-2007-002 - CVE-2007-0957)
@ -619,36 +634,36 @@ rm -rf %{buildroot}
  * fix krb5 telnetd login injection
  (MIT-SA-2007-001 - CVE-2007-0956)
  [#247765]
-* Thu Mar 29 2007 - mc@suse.de
+* Thu Mar 29 2007 mc@suse.de
 - add ncurses-devel and bison to BuildRequires
 - rework some patches
-* Mon Mar 05 2007 - mc@suse.de
+* Mon Mar 05 2007 mc@suse.de
 - move SuSEFirewall service definitions to
  /etc/sysconfig/SuSEfirewall2.d/services
-* Thu Feb 22 2007 - mc@suse.de
+* Thu Feb 22 2007 mc@suse.de
 - add firewall definition to krb5-server, FATE #300687
-* Mon Feb 19 2007 - mc@suse.de
+* Mon Feb 19 2007 mc@suse.de
 - update krb5-1.6-post.dif
 - move some applications into the right package
-* Fri Feb 09 2007 - mc@suse.de
+* Fri Feb 09 2007 mc@suse.de
 - update krb5-1.6-post.dif
-* Mon Jan 29 2007 - mc@suse.de
+* Mon Jan 29 2007 mc@suse.de
 - krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
 - fix leak in krb5_kt_resolve and krb5_kt_wresolve
-* Tue Jan 23 2007 - mc@suse.de
+* Tue Jan 23 2007 mc@suse.de
 - fix "local variable used before set" in ftp.c
  [#237684]
-* Mon Jan 22 2007 - mc@suse.de
+* Mon Jan 22 2007 mc@suse.de
 - krb5-devel should require keyutils-devel
-* Mon Jan 22 2007 - mc@suse.de
+* Mon Jan 22 2007 mc@suse.de
 - update to version 1.6
  * Major changes in 1.6 include
  * Partial client implementation to handle server name referrals.
  * Pre-authentication plug-in framework, donated by Red Hat.
  * LDAP KDB plug-in, donated by Novell.
 - remove obsolete patches
-* Wed Jan 10 2007 - mc@suse.de
+* Wed Jan 10 2007 mc@suse.de
 - fix for
  kadmind (via RPC library) calls uninitialized function pointer
  (CVE-2006-6143)(Bug #225990)
@ -657,32 +672,32 @@ rm -rf %{buildroot}
  kadmind (via GSS-API mechglue) frees uninitialized pointers
  (CVE-2006-6144)(Bug #225992)
  krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
-* Tue Jan 02 2007 - mc@suse.de
+* Tue Jan 02 2007 mc@suse.de
 - Fix Requires in krb5-devel
  [Bug #231008]
-* Mon Nov 06 2006 - mc@suse.de
+* Mon Nov 06 2006 mc@suse.de
 - fix "local variable used before set" [#217692]
 - fix strncat warning
-* Fri Oct 27 2006 - mc@suse.de
+* Fri Oct 27 2006 mc@suse.de
 - add a default kadm5.dict file
 - require $network on daemon start
-* Wed Sep 13 2006 - mc@suse.de
+* Wed Sep 13 2006 mc@suse.de
 - fix function call with too few arguments [#203837]
-* Thu Aug 24 2006 - mc@suse.de
+* Thu Aug 24 2006 mc@suse.de
 - update to version 1.5.1
 - remove obsolete patches which are now included upstream
  * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  * trunk-fix-uninitialized-vars.dif
-* Fri Aug 11 2006 - mc@suse.de
+* Fri Aug 11 2006 mc@suse.de
 - krb5 setuid return check fixes
  krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  [#182351]
-* Mon Aug 07 2006 - mc@suse.de
+* Mon Aug 07 2006 mc@suse.de
 - remove update-messages
-* Mon Jul 24 2006 - mc@suse.de
+* Mon Jul 24 2006 mc@suse.de
 - add check for krb5_prop in services to kpropd init script.
  [#192446]
-* Mon Jul 03 2006 - mc@suse.de
+* Mon Jul 03 2006 mc@suse.de
 - update to version 1.5
  * KDB abstraction layer, donated by Novell.
  * plug-in architecture, allowing for extension modules to be
@ -692,104 +707,104 @@ rm -rf %{buildroot}
  * Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
  implementation, donated by Sun Microsystems
 - remove obsolete patches and add some new
-* Fri May 26 2006 - ro@suse.de
+* Fri May 26 2006 ro@suse.de
 - libcom is not in e2fsck-devel but in its own package now, change
  Requires accordingly.
-* Mon Mar 27 2006 - mc@suse.de
+* Mon Mar 27 2006 mc@suse.de
 - add all daemons to %%stop_on_removal and %%restart_on_update
 - add reload to kpropd init script
 - add force-reload to all init scripts
-* Mon Mar 13 2006 - mc@suse.de
+* Mon Mar 13 2006 mc@suse.de
 - add libgssapi_krb5.so link to main package [#147912]
-* Fri Feb 03 2006 - mc@suse.de
+* Fri Feb 03 2006 mc@suse.de
 - fix logging section for kadmind in convert script
-* Wed Jan 25 2006 - mls@suse.de
+* Wed Jan 25 2006 mls@suse.de
 - converted neededforbuild to BuildRequires
-* Fri Jan 13 2006 - mc@suse.de
+* Fri Jan 13 2006 mc@suse.de
 - change the logging defaults
-* Wed Jan 11 2006 - mc@suse.de
+* Wed Jan 11 2006 mc@suse.de
 - add tools and README for heimdal => MIT update
-* Mon Jan 09 2006 - mc@suse.de
+* Mon Jan 09 2006 mc@suse.de
 - fix build problems, define _GNU_SOURCE
  (krb5-1.4.3-set_gnu_source.dif )
-* Tue Jan 03 2006 - mc@suse.de
+* Tue Jan 03 2006 mc@suse.de
 - added "make %%{?jobs:-j%%jobs}"
-* Fri Nov 18 2005 - mc@suse.de
+* Fri Nov 18 2005 mc@suse.de
 - update to version 1.4.3
  * some memmory leaks fixed
  * fix for "AS_REP padata has wrong enctype"
  * fix for "AS_REP padata missing PA-ETYPE-INFO"
  * ... and more
-* Wed Nov 02 2005 - dmueller@suse.de
+* Wed Nov 02 2005 dmueller@suse.de
 - don't build as root
-* Tue Oct 11 2005 - mc@suse.de
+* Tue Oct 11 2005 mc@suse.de
 - update to version 1.4.2
 - remove some obsolet patches
-* Mon Aug 08 2005 - mc@suse.de
+* Mon Aug 08 2005 mc@suse.de
 - build with --disable-static
-* Thu Aug 04 2005 - ro@suse.de
+* Thu Aug 04 2005 ro@suse.de
 - remove devel-static subpackage
-* Thu Jun 30 2005 - mc@suse.de
+* Thu Jun 30 2005 mc@suse.de
 - better patch for princ_comp problem
-* Mon Jun 27 2005 - mc@suse.de
+* Mon Jun 27 2005 mc@suse.de
 - update to version 1.4.1
 - remove obsolet patches
  - krb5-1.4-gcc4.dif
  - krb5-1.4-reduce-namespace-polution.dif
  - krb5-1.4-VUL-0-telnet.dif
-* Thu Jun 23 2005 - mc@suse.de
+* Thu Jun 23 2005 mc@suse.de
 - fixed krb5 KDC heap corruption by random free
  [#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
 - fixed krb5 double free()
  [#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
 - fix krb5 NULL pointer reference while comparing principals
  [#91600]
-* Fri Jun 17 2005 - mc@suse.de
+* Fri Jun 17 2005 mc@suse.de
 - fix uninitialized variables
 - compile with -fPIE/ link with -pie
-* Wed Apr 20 2005 - mc@suse.de
+* Wed Apr 20 2005 mc@suse.de
 - fixed wrong xinetd files [#77149]
-* Fri Apr 08 2005 - mt@suse.de
+* Fri Apr 08 2005 mt@suse.de
 - removed krb5-1.4-fix-error_tables.dif patch obsoleted
  by libcom_err locking patches
-* Thu Apr 07 2005 - mc@suse.de
+* Thu Apr 07 2005 mc@suse.de
 - fixed missing descriptions in init files
  [#76164, #76165, #76166, #76169]
-* Wed Mar 30 2005 - mc@suse.de
+* Wed Mar 30 2005 mc@suse.de
 - enhance $PATH via /etc/profile.d/ [#74018]
 - remove the "links to important programs"
-* Fri Mar 18 2005 - mc@suse.de
+* Fri Mar 18 2005 mc@suse.de
 - fixed not running converter script [#72854]
-* Thu Mar 17 2005 - mc@suse.de
+* Thu Mar 17 2005 mc@suse.de
 - Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
  Overflow
 - Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
  Overflow
  [#73618]
-* Wed Mar 16 2005 - mc@suse.de
+* Wed Mar 16 2005 mc@suse.de
 - fixed wrong PreReqs [#73020]
-* Tue Mar 15 2005 - mc@suse.de
+* Tue Mar 15 2005 mc@suse.de
 - add a simple krb5.conf converter [#72854]
-* Mon Mar 14 2005 - mc@suse.de
+* Mon Mar 14 2005 mc@suse.de
 - fixed: rckrb5kdc restart gives wrong status with non-running service
  [#72446]
-* Thu Mar 10 2005 - mc@suse.de
+* Thu Mar 10 2005 mc@suse.de
 - add requires: e2fsprogs-devel to krb5-devel package [#71732]
-* Fri Feb 25 2005 - mc@suse.de
+* Fri Feb 25 2005 mc@suse.de
 - fix double free [#66534]
  krb5-1.4-fix-error_tables.dif
-* Fri Feb 11 2005 - mc@suse.de
+* Fri Feb 11 2005 mc@suse.de
 - change mode for shared libraries to 755
-* Fri Feb 04 2005 - mc@suse.de
+* Fri Feb 04 2005 mc@suse.de
 - remove spx.c from tarball because of legal risk
 - add README.Source which tell the user about this
  action.
 - add a check for spx.c in the spec-file
 - use rich-text for update-messages [#50250]
-* Tue Feb 01 2005 - mc@suse.de
+* Tue Feb 01 2005 mc@suse.de
 - add krb5-1.4-reduce-namespace-polution.dif
  reduce namespace polution in gssapi.h [#50356]
-* Fri Jan 28 2005 - mc@suse.de
+* Fri Jan 28 2005 mc@suse.de
 - update to version 1.4
 - Add implementation of the RPCSEC_GSS authentication flavor to the
  RPC library.
@ -803,37 +818,37 @@ rm -rf %{buildroot}
 - Incorporate gss_krb5_set_allowable_enctypes() and
  gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
 - remove obsolet patches
-* Mon Jan 17 2005 - mc@suse.de
+* Mon Jan 17 2005 mc@suse.de
 - add proofreaded update-messages
-* Fri Jan 14 2005 - mc@suse.de
+* Fri Jan 14 2005 mc@suse.de
 - remove Conflicts: and add Provides:
 - add some insserv stuff
-* Thu Jan 13 2005 - mc@suse.de
+* Thu Jan 13 2005 mc@suse.de
 - move vendor files to vendor-files.tar.bz2
 - add obsoletes: heimdal
 - add %%pre and %%post sections to detect update
  from heimdal and backup invalid configuration files
 - add update-messages for heimdal update
-* Mon Jan 10 2005 - mc@suse.de
+* Mon Jan 10 2005 mc@suse.de
 - update to version 1.3.6
 - fix for: heap buffer overflow in libkadm5srv
  [CAN-2004-1189 / MITKRB5-SA-2004-004]
-* Tue Dec 14 2004 - mc@suse.de
+* Tue Dec 14 2004 mc@suse.de
 - build doc subpackage in an own specfile
 - removed unnecessary neededforbuild requirements
-* Wed Nov 24 2004 - coolo@suse.de
+* Wed Nov 24 2004 coolo@suse.de
 - fix build with gcc 4
-* Mon Nov 15 2004 - mc@suse.de
+* Mon Nov 15 2004 mc@suse.de
 - added Conflicts with heimdal*
 - rename some manpages to avoid conflicts
-* Thu Nov 04 2004 - mc@suse.de
+* Thu Nov 04 2004 mc@suse.de
 - new init scripts
 - fix logrotate scripts
 - add some 64Bit fixes
 - add default krb5.conf, kdc.conf and kadm5.acl
-* Wed Nov 03 2004 - mc@suse.de
+* Wed Nov 03 2004 mc@suse.de
 - add e2fsprogs to NFB
 - use system-et and system-ss
 - fix includes of com_err.h
-* Thu Oct 28 2004 - mc@suse.de
+* Thu Oct 28 2004 mc@suse.de
 - Initital checkin