From 05a3f5da3c681645d519d8fa6255a520ea05b300265db3ba25c450d7e336db3f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tom=C3=A1=C5=A1=20Chv=C3=A1tal?= Date: Thu, 14 Feb 2019 08:52:23 +0000 Subject: [PATCH] Accepting request 674684 from home:jengelh:branches:network - Replace old $RPM_* shell vars OBS-URL: https://build.opensuse.org/request/show/674684 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=214 --- krb5-mini.changes | 244 ++++++++++++++++++++++---------------------- krb5-mini.spec | 36 +++---- krb5.changes | 250 +++++++++++++++++++++++----------------------- krb5.spec | 38 ++++--- 4 files changed, 284 insertions(+), 284 deletions(-) diff --git a/krb5-mini.changes b/krb5-mini.changes index 5222122..928df91 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 13 17:45:34 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars + ------------------------------------------------------------------- Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero @@ -77,7 +82,7 @@ Tue Oct 9 20:13:24 UTC 2018 - James McDonough * dates through 2106 accepted * KDC support for trivially renewable tickets * stop caching referral and alternate cross-realm TGTs to prevent - duplicate credential cache entries + duplicate credential cache entries ------------------------------------------------------------------- Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com @@ -104,7 +109,7 @@ Wed Apr 25 21:56:35 UTC 2018 - luizluca@gmail.com ------------------------------------------------------------------- Thu Nov 23 13:38:33 UTC 2017 - rbrown@suse.com -- Replace references to /var/adm/fillup-templates with new +- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- @@ -260,7 +265,7 @@ Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com nonexistent policies * Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only [CVE-2016-3120] - + ------------------------------------------------------------------ Tue May 10 12:41:14 UTC 2016 - hguo@suse.com @@ -594,7 +599,7 @@ Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com ------------------------------------------------------------------- Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com -- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal +- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff ------------------------------------------------------------------- @@ -635,7 +640,7 @@ Fri Aug 8 15:55:01 UTC 2014 - ckornacker@suse.com - buffer overrun in kadmind with LDAP backend CVE-2014-4345 (bnc#891082) - krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch + krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch ------------------------------------------------------------------- Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com @@ -648,7 +653,7 @@ Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com ------------------------------------------------------------------- Sat Jul 19 12:38:21 UTC 2014 - p.drouand@gmail.com -- Do not depend of insserv if systemd is used +- Do not depend of insserv if systemd is used ------------------------------------------------------------------- Thu Jul 10 15:59:52 UTC 2014 - ckornacker@suse.com @@ -719,7 +724,7 @@ Mon Jan 13 15:37:16 UTC 2014 - ckornacker@suse.com * krb5-master-gss_oid_leak.patch - Fix SPNEGO one-hop interop against old IIS * krb5-master-ignore-empty-unnecessary-final-token.patch - - Fix GSS krb5 acceptor acquire_cred error handling + - Fix GSS krb5 acceptor acquire_cred error handling * krb5-master-keytab_close.patch - Avoid malloc(0) in SPNEGO get_input_token * krb5-master-no-malloc0.patch @@ -752,7 +757,7 @@ Mon Jun 24 16:21:07 UTC 2013 - mc@suse.com ------------------------------------------------------------------- Fri Jun 21 02:12:03 UTC 2013 - crrodriguez@opensuse.org -- remove fstack-protector-all from CFLAGS, just use the +- remove fstack-protector-all from CFLAGS, just use the lighter/fast version already present in %optflags - Use LFS_CFLAGS to build in 32 bit archs. @@ -791,7 +796,7 @@ Sun Apr 28 17:14:36 CEST 2013 - mc@suse.de that failed to load. * gss_import_sec_context incorrectly set internal state that identifies whether an imported context is from an interposer - mechanism or from the underlying mechanism. + mechanism or from the underlying mechanism. - upstream fix obsolete krb5-lookup_etypes-leak.patch ------------------------------------------------------------------- @@ -993,7 +998,7 @@ Tue Aug 23 13:52:03 CEST 2011 - mc@suse.de ------------------------------------------------------------------- Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com -- add patches from Fedora and upstream +- add patches from Fedora and upstream - fix init scripts (bnc#689006) ------------------------------------------------------------------- @@ -1031,12 +1036,12 @@ Wed Jan 19 14:42:27 CET 2011 - mc@suse.de CVE-2010-4022 - Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) - CVE-2011-0281, CVE-2011-0282 + CVE-2011-0281, CVE-2011-0282 ------------------------------------------------------------------- Wed Dec 1 11:44:15 CET 2010 - mc@suse.de -- Fix multiple checksum handling vulnerabilities +- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums @@ -1048,21 +1053,21 @@ Wed Dec 1 11:44:15 CET 2010 - mc@suse.de CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 - * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery + * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery ------------------------------------------------------------------- Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de -- fix csh profile (bnc#649856) +- fix csh profile (bnc#649856) ------------------------------------------------------------------- Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de - update to krb5-1.8.3 * remove patches which are now upstrem - - krb5-1.7-MITKRB5-SA-2010-004.dif - - krb5-1.8.1-gssapi-error-table.dif - - krb5-MITKRB5-SA-2010-005.dif + - krb5-1.7-MITKRB5-SA-2010-004.dif + - krb5-1.8.1-gssapi-error-table.dif + - krb5-MITKRB5-SA-2010-005.dif ------------------------------------------------------------------- Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de @@ -1074,7 +1079,7 @@ Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de - fix a dereference of an uninitialized pointer while processing - authorization data. + authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990) ------------------------------------------------------------------- @@ -1087,12 +1092,12 @@ Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com Wed May 19 14:27:19 CEST 2010 - mc@suse.de - fix GSS-API library null pointer dereference - CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) + CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de -- fix a double free vulnerability in the KDC +- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) ------------------------------------------------------------------- @@ -1100,12 +1105,12 @@ Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de - update to version 1.8.1 * include krb5-1.8-POST.dif - * include MITKRB5-SA-2010-002 + * include MITKRB5-SA-2010-002 ------------------------------------------------------------------- Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de -- update krb5-1.8-POST.dif +- update krb5-1.8-POST.dif ------------------------------------------------------------------- Tue Mar 23 14:32:41 CET 2010 - mc@suse.de @@ -1113,17 +1118,17 @@ Tue Mar 23 14:32:41 CET 2010 - mc@suse.de - fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. - CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) + CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) ------------------------------------------------------------------- Tue Mar 23 12:33:26 CET 2010 - mc@suse.de - add post 1.8 fixes * Add IPv6 support to changepw.c - * fix two problems in kadm5_get_principal mask handling + * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals - * dereference options while checking + * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting @@ -1133,16 +1138,16 @@ Tue Mar 23 12:33:26 CET 2010 - mc@suse.de Thu Mar 4 10:42:29 CET 2010 - mc@suse.de - update to version 1.8 - * Increase code quality + * Increase code quality * Move toward improved KDB interface - * Investigate and remedy repeatedly-reported performance + * Investigate and remedy repeatedly-reported performance bottlenecks. * Reduce DNS dependence by implementing an interface that allows - client library to track whether a KDC supports service + client library to track whether a KDC supports service principal referrals. - * Disable DES by default + * Disable DES by default * Account lockout for repeated login failures - * Bridge layer to allow Heimdal HDB modules to act as KDB + * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules * FAST enhancements * Microsoft Services for User (S4U) compatibility @@ -1154,7 +1159,7 @@ Thu Mar 4 10:42:29 CET 2010 - mc@suse.de - fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl - + ------------------------------------------------------------------- Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de @@ -1174,12 +1179,12 @@ Sun Jul 12 21:36:17 CEST 2009 - coolo@novell.com ------------------------------------------------------------------- Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de -- update to final 1.7 release +- update to final 1.7 release ------------------------------------------------------------------- Wed May 13 11:30:42 CEST 2009 - mc@suse.de -- update to version 1.7 Beta2 +- update to version 1.7 Beta2 * Incremental propagation support for the KDC database. * Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack. @@ -1192,7 +1197,7 @@ Wed May 13 11:30:42 CEST 2009 - mc@suse.de ------------------------------------------------------------------- Mon Feb 16 13:04:26 CET 2009 - mc@suse.de -- update to pre 1.7 version +- update to pre 1.7 version * Remove support for version 4 of the Kerberos protocol (krb4). * New libdefaults configuration variable "allow_weak_crypto". * Client library now follows client principal referrals, for @@ -1221,7 +1226,7 @@ Wed Jan 14 09:21:36 CET 2009 - olh@suse.de Thu Dec 11 14:12:57 CET 2008 - mc@suse.de - do not query IPv6 addresses if no IPv6 address exists on this host - [bnc#449143] + [bnc#449143] ------------------------------------------------------------------- Wed Dec 10 12:34:56 CET 2008 - olh@suse.de @@ -1238,7 +1243,7 @@ Thu Oct 30 12:34:56 CET 2008 - olh@suse.de Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de - in case we use ldap as database backend, ldap should be - started before krb5kdc + started before krb5kdc ------------------------------------------------------------------- Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de @@ -1246,8 +1251,8 @@ Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de - add new fixes to post 1.6.3 patch * fix mem leak in krb5_gss_accept_sec_context() * keep minor_status - * kadm5_decrypt_key: A ktype of -1 is documented as meaning - "to be ignored" + * kadm5_decrypt_key: A ktype of -1 is documented as meaning + "to be ignored" * Reject socket fds > FD_SETSIZE ------------------------------------------------------------------- @@ -1264,14 +1269,14 @@ Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de - add case-insensitive.dif (FATE#300771) - minor fixes for ktutil man page -- reduce rpmlint warnings +- reduce rpmlint warnings ------------------------------------------------------------------- Wed May 14 17:44:59 CEST 2008 - mc@suse.de - Fall back to TCP on kdc-unresolvable/unreachable errors. - restore valid sequence number before generating requests - (fix changing passwords in mixed ipv4/ipv6 enviroments) + (fix changing passwords in mixed ipv4/ipv6 enviroments) ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de @@ -1282,7 +1287,7 @@ Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de ------------------------------------------------------------------- Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de -- modify krb5-config to not output rpath and cflags in --libs +- modify krb5-config to not output rpath and cflags in --libs (bnc#378270) ------------------------------------------------------------------- @@ -1294,7 +1299,7 @@ Fri Mar 14 11:27:55 CET 2008 - mc@suse.de * MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948) Memory corruption while too many open file descriptors [bnc#363151] -- change default config file. Comment out the examples. +- change default config file. Comment out the examples. ------------------------------------------------------------------- Fri Dec 14 10:48:52 CET 2007 - mc@suse.de @@ -1309,12 +1314,12 @@ Fri Dec 14 10:48:52 CET 2007 - mc@suse.de ------------------------------------------------------------------- Tue Dec 4 16:36:07 CET 2007 - mc@suse.de -- improve GSSAPI error messages +- improve GSSAPI error messages ------------------------------------------------------------------- Tue Nov 6 13:53:17 CET 2007 - mc@suse.de -- add coreutils to PreReq +- add coreutils to PreReq ------------------------------------------------------------------- Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de @@ -1330,8 +1335,8 @@ Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de - update krb5-1.6.2-post.dif - * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that - that the client library will not failover to the next KDC. + * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that + that the client library will not failover to the next KDC. [#310540] ------------------------------------------------------------------- @@ -1341,7 +1346,7 @@ Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de * new -S sname option for kvno * read_entropy_from_device on partial read will not fill buffer * Bail out if encoded "ticket" doesn't decode correctly. - * patch for referrals loop + * patch for referrals loop ------------------------------------------------------------------- Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de @@ -1362,10 +1367,10 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de - add krb5-1.6.2-post.dif * during the referrals loop, check to see if the - session key enctype of a returned credential for the final - service is among the enctypes explicitly selected by the - application, and retry with old_use_conf_ktypes if it is not. - * If mkstemp() is available, the new ccache file gets created but + session key enctype of a returned credential for the final + service is among the enctypes explicitly selected by the + application, and retry with old_use_conf_ktypes if it is not. + * If mkstemp() is available, the new ccache file gets created but the subsequent open(O_CREAT|O_EXCL) call fails because the file was already created by mkstemp(). Apply patch from Apple to keep the file descriptor open. @@ -1374,7 +1379,7 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de - update to version 1.6.2 -- remove krb5-1.6.1-post.dif all fixes are included in this release +- remove krb5-1.6.1-post.dif all fixes are included in this release ------------------------------------------------------------------- Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de @@ -1386,7 +1391,7 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de - update krb5-1.6.1-post.dif * fix leak in krb5_walk_realm_tree - * rd_req_decoded needs to deal with referral realms + * rd_req_decoded needs to deal with referral realms * fix buffer overflow in kadmind (MITKRB5-SA-2007-005 - CVE-2007-2798) [#278689] @@ -1397,14 +1402,14 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de ------------------------------------------------------------------- Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de -- fix unstripped-binary-or-object rpmlint warning +- fix unstripped-binary-or-object rpmlint warning ------------------------------------------------------------------- Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de - fixing rpmlint warnings and errors: * merged logrotate scripts kadmin and krb5kdc into a single file - krb5-server. + krb5-server. * moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper. adapted krb5.spec and README.ConvertHeimdalMIT accordingly. @@ -1417,32 +1422,32 @@ Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de ------------------------------------------------------------------- Wed May 9 15:30:53 CEST 2007 - mc@suse.de -- fix uninitialized salt length +- fix uninitialized salt length - add extra check for keytab file ------------------------------------------------------------------- Thu May 3 12:11:29 CEST 2007 - mc@suse.de - adding krb5-1.6.1-post.dif - * fix segfault in krb5_get_init_creds_password + * fix segfault in krb5_get_init_creds_password * remove debug output in ftp client * profile stores empty string values without double quotes ------------------------------------------------------------------- Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de -- update to final 1.6.1 version +- update to final 1.6.1 version ------------------------------------------------------------------- Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de -- add plugin directories to main package +- add plugin directories to main package ------------------------------------------------------------------- Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de - update to version 1.6.1 Beta1 -- remove obsolete patches +- remove obsolete patches (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif) - rework compile_pie patch @@ -1469,8 +1474,8 @@ Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de ------------------------------------------------------------------- Mon Mar 5 11:01:20 CET 2007 - mc@suse.de -- move SuSEFirewall service definitions to - /etc/sysconfig/SuSEfirewall2.d/services +- move SuSEFirewall service definitions to + /etc/sysconfig/SuSEfirewall2.d/services ------------------------------------------------------------------- Thu Feb 22 11:13:48 CET 2007 - mc@suse.de @@ -1481,12 +1486,12 @@ Thu Feb 22 11:13:48 CET 2007 - mc@suse.de Mon Feb 19 13:59:43 CET 2007 - mc@suse.de - update krb5-1.6-post.dif -- move some applications into the right package +- move some applications into the right package ------------------------------------------------------------------- Fri Feb 9 13:31:22 CET 2007 - mc@suse.de -- update krb5-1.6-post.dif +- update krb5-1.6-post.dif ------------------------------------------------------------------- Mon Jan 29 11:27:23 CET 2007 - mc@suse.de @@ -1504,16 +1509,16 @@ Tue Jan 23 17:21:12 CET 2007 - mc@suse.de ------------------------------------------------------------------- Mon Jan 22 16:39:27 CET 2007 - mc@suse.de -- krb5-devel should require keyutils-devel +- krb5-devel should require keyutils-devel ------------------------------------------------------------------- Mon Jan 22 12:19:49 CET 2007 - mc@suse.de - update to version 1.6 - * Major changes in 1.6 include - * Partial client implementation to handle server name referrals. - * Pre-authentication plug-in framework, donated by Red Hat. - * LDAP KDB plug-in, donated by Novell. + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. - remove obsolete patches ------------------------------------------------------------------- @@ -1531,14 +1536,14 @@ Wed Jan 10 11:16:30 CET 2007 - mc@suse.de ------------------------------------------------------------------- Tue Jan 2 14:53:33 CET 2007 - mc@suse.de -- Fix Requires in krb5-devel +- Fix Requires in krb5-devel [Bug #231008] ------------------------------------------------------------------- Mon Nov 6 11:49:39 CET 2006 - mc@suse.de - fix "local variable used before set" [#217692] -- fix strncat warning +- fix strncat warning ------------------------------------------------------------------- Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de @@ -1549,7 +1554,7 @@ Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de ------------------------------------------------------------------- Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de -- fix function call with too few arguments [#203837] +- fix function call with too few arguments [#203837] ------------------------------------------------------------------- Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de @@ -1557,7 +1562,7 @@ Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de - update to version 1.5.1 - remove obsolete patches which are now included upstream * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif - * trunk-fix-uninitialized-vars.dif + * trunk-fix-uninitialized-vars.dif ------------------------------------------------------------------- Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de @@ -1569,7 +1574,7 @@ Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de ------------------------------------------------------------------- Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de -- remove update-messages +- remove update-messages ------------------------------------------------------------------- Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de @@ -1581,13 +1586,13 @@ Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de - update to version 1.5 - * KDB abstraction layer, donated by Novell. - * plug-in architecture, allowing for extension modules to be - loaded at run-time. - * multi-mechanism GSS-API implementation ("mechglue"), - donated by Sun Microsystems - * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") - implementation, donated by Sun Microsystems + * KDB abstraction layer, donated by Novell. + * plug-in architecture, allowing for extension modules to be + loaded at run-time. + * multi-mechanism GSS-API implementation ("mechglue"), + donated by Sun Microsystems + * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") + implementation, donated by Sun Microsystems - remove obsolete patches and add some new ------------------------------------------------------------------- @@ -1601,17 +1606,17 @@ Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de - add all daemons to %stop_on_removal and %restart_on_update - add reload to kpropd init script -- add force-reload to all init scripts +- add force-reload to all init scripts ------------------------------------------------------------------- Mon Mar 13 18:20:36 CET 2006 - mc@suse.de -- add libgssapi_krb5.so link to main package [#147912] +- add libgssapi_krb5.so link to main package [#147912] ------------------------------------------------------------------- Fri Feb 3 18:17:01 CET 2006 - mc@suse.de -- fix logging section for kadmind in convert script +- fix logging section for kadmind in convert script ------------------------------------------------------------------- Wed Jan 25 21:30:24 CET 2006 - mls@suse.de @@ -1621,12 +1626,12 @@ Wed Jan 25 21:30:24 CET 2006 - mls@suse.de ------------------------------------------------------------------- Fri Jan 13 14:44:24 CET 2006 - mc@suse.de -- change the logging defaults +- change the logging defaults ------------------------------------------------------------------- Wed Jan 11 12:59:08 CET 2006 - mc@suse.de -- add tools and README for heimdal => MIT update +- add tools and README for heimdal => MIT update ------------------------------------------------------------------- Mon Jan 9 14:41:07 CET 2006 - mc@suse.de @@ -1637,7 +1642,7 @@ Mon Jan 9 14:41:07 CET 2006 - mc@suse.de ------------------------------------------------------------------- Tue Jan 3 16:00:13 CET 2006 - mc@suse.de -- added "make %{?jobs:-j%jobs}" +- added "make %{?jobs:-j%jobs}" ------------------------------------------------------------------- Fri Nov 18 12:12:01 CET 2005 - mc@suse.de @@ -1646,33 +1651,33 @@ Fri Nov 18 12:12:01 CET 2005 - mc@suse.de * some memmory leaks fixed * fix for "AS_REP padata has wrong enctype" * fix for "AS_REP padata missing PA-ETYPE-INFO" - * ... and more + * ... and more ------------------------------------------------------------------- Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de -- don't build as root +- don't build as root ------------------------------------------------------------------- Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de - update to version 1.4.2 -- remove some obsolet patches +- remove some obsolet patches ------------------------------------------------------------------- Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de -- build with --disable-static +- build with --disable-static ------------------------------------------------------------------- Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de -- remove devel-static subpackage +- remove devel-static subpackage ------------------------------------------------------------------- Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de -- better patch for princ_comp problem +- better patch for princ_comp problem ------------------------------------------------------------------- Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de @@ -1691,18 +1696,18 @@ Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de - fixed krb5 double free() [#86768, CAN-2005-1689, MITKRB5-SA-2005-003] - fix krb5 NULL pointer reference while comparing principals - [#91600] + [#91600] ------------------------------------------------------------------- Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de -- fix uninitialized variables +- fix uninitialized variables - compile with -fPIE/ link with -pie ------------------------------------------------------------------- Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de -- fixed wrong xinetd files [#77149] +- fixed wrong xinetd files [#77149] ------------------------------------------------------------------- Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de @@ -1713,26 +1718,26 @@ Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de ------------------------------------------------------------------- Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de -- fixed missing descriptions in init files - [#76164, #76165, #76166, #76169] +- fixed missing descriptions in init files + [#76164, #76165, #76166, #76169] ------------------------------------------------------------------- Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de - enhance $PATH via /etc/profile.d/ [#74018] -- remove the "links to important programs" +- remove the "links to important programs" ------------------------------------------------------------------- Fri Mar 18 11:09:43 CET 2005 - mc@suse.de -- fixed not running converter script [#72854] +- fixed not running converter script [#72854] ------------------------------------------------------------------- Thu Mar 17 14:15:17 CET 2005 - mc@suse.de -- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer +- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer Overflow -- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer +- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer Overflow [#73618] @@ -1750,38 +1755,38 @@ Tue Mar 15 19:54:58 CET 2005 - mc@suse.de Mon Mar 14 17:08:59 CET 2005 - mc@suse.de - fixed: rckrb5kdc restart gives wrong status with non-running service - [#72446] + [#72446] ------------------------------------------------------------------- Thu Mar 10 10:48:07 CET 2005 - mc@suse.de -- add requires: e2fsprogs-devel to krb5-devel package [#71732] +- add requires: e2fsprogs-devel to krb5-devel package [#71732] ------------------------------------------------------------------- Fri Feb 25 17:35:37 CET 2005 - mc@suse.de - fix double free [#66534] - krb5-1.4-fix-error_tables.dif + krb5-1.4-fix-error_tables.dif ------------------------------------------------------------------- Fri Feb 11 14:01:32 CET 2005 - mc@suse.de -- change mode for shared libraries to 755 +- change mode for shared libraries to 755 ------------------------------------------------------------------- Fri Feb 4 16:48:16 CET 2005 - mc@suse.de - remove spx.c from tarball because of legal risk -- add README.Source which tell the user about this +- add README.Source which tell the user about this action. - add a check for spx.c in the spec-file -- use rich-text for update-messages [#50250] +- use rich-text for update-messages [#50250] ------------------------------------------------------------------- Tue Feb 1 12:13:45 CET 2005 - mc@suse.de - add krb5-1.4-reduce-namespace-polution.dif - reduce namespace polution in gssapi.h [#50356] + reduce namespace polution in gssapi.h [#50356] ------------------------------------------------------------------- Fri Jan 28 13:25:42 CET 2005 - mc@suse.de @@ -1803,13 +1808,13 @@ Fri Jan 28 13:25:42 CET 2005 - mc@suse.de ------------------------------------------------------------------- Mon Jan 17 11:34:52 CET 2005 - mc@suse.de -- add proofreaded update-messages +- add proofreaded update-messages ------------------------------------------------------------------- Fri Jan 14 14:38:25 CET 2005 - mc@suse.de -- remove Conflicts: and add Provides: -- add some insserv stuff +- remove Conflicts: and add Provides: +- add some insserv stuff ------------------------------------------------------------------- Thu Jan 13 11:54:01 CET 2005 - mc@suse.de @@ -1824,13 +1829,13 @@ Thu Jan 13 11:54:01 CET 2005 - mc@suse.de Mon Jan 10 12:18:02 CET 2005 - mc@suse.de - update to version 1.3.6 -- fix for: heap buffer overflow in libkadm5srv - [CAN-2004-1189 / MITKRB5-SA-2004-004] +- fix for: heap buffer overflow in libkadm5srv + [CAN-2004-1189 / MITKRB5-SA-2004-004] ------------------------------------------------------------------- Tue Dec 14 15:30:23 CET 2004 - mc@suse.de -- build doc subpackage in an own specfile +- build doc subpackage in an own specfile - removed unnecessary neededforbuild requirements ------------------------------------------------------------------- @@ -1842,7 +1847,7 @@ Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de Mon Nov 15 17:25:56 CET 2004 - mc@suse.de - added Conflicts with heimdal* -- rename some manpages to avoid conflicts +- rename some manpages to avoid conflicts ------------------------------------------------------------------- Thu Nov 4 18:03:11 CET 2004 - mc@suse.de @@ -1856,11 +1861,10 @@ Thu Nov 4 18:03:11 CET 2004 - mc@suse.de Wed Nov 3 18:52:07 CET 2004 - mc@suse.de - add e2fsprogs to NFB -- use system-et and system-ss -- fix includes of com_err.h +- use system-et and system-ss +- fix includes of com_err.h ------------------------------------------------------------------- Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de -- Initital checkin - +- Initital checkin diff --git a/krb5-mini.spec b/krb5-mini.spec index ec156c4..ed608d5 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -26,21 +26,21 @@ %define krb5docdir %{_defaultdocdir}/krb5 Name: krb5-mini -Url: https://web.mit.edu/kerberos/www/ +Version: 1.17 +Release: 0 +Summary: MIT Kerberos5 implementation and libraries with minimal dependencies +License: MIT +Group: Productivity/Networking/Security +URL: https://web.mit.edu/kerberos/www/ +Obsoletes: krb5-plugin-preauth-pkinit-nss BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel -BuildRequires: ncurses-devel -Version: 1.17 -Release: 0 -Summary: MIT Kerberos5 implementation and libraries with minimal dependencies -License: MIT -Group: Productivity/Networking/Security -Obsoletes: krb5-plugin-preauth-pkinit-nss BuildRequires: libverto-devel +BuildRequires: ncurses-devel # bug437293 %ifarch ppc64 Obsoletes: krb5-64bit @@ -119,7 +119,7 @@ autoreconf -fi DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME ./configure \ CC="%{__cc}" \ - CFLAGS="$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \ + CFLAGS="%{optflags} -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \ CPPFLAGS="-I%{_includedir}/et " \ SS_LIB="-lss" \ --prefix=/usr/lib/mit \ @@ -148,16 +148,12 @@ make %{?_smp_mflags} cp man/kadmin.man man/kadmin.local.8 %install - -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5 - -cd src -make DESTDIR=%{buildroot} install -cd .. +mkdir -p %{buildroot}/%{_localstatedir}/log/krb5 +%make_install -C src # Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks # of the buildconf patch already conspire to strip out /usr/ from the # list of link flags, and it helps prevent file conflicts on multilib systems. -sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config +sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' %{buildroot}/usr/lib/mit/bin/krb5-config # install autoconf macro mkdir -p %{buildroot}/%{_datadir}/aclocal @@ -212,9 +208,9 @@ install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd %endif # install sysconfig templates -mkdir -p $RPM_BUILD_ROOT/%{_fillupdir} -install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/ -install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/ +mkdir -p %{buildroot}/%{_fillupdir} +install -m 644 %{vendorFiles}/sysconfig.kadmind %{buildroot}/%{_fillupdir}/ +install -m 644 %{vendorFiles}/sysconfig.krb5kdc %{buildroot}/%{_fillupdir}/ # install logrotate files mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server diff --git a/krb5.changes b/krb5.changes index 03a2baa..4258e6e 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Wed Feb 13 17:45:34 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars + ------------------------------------------------------------------- Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero @@ -106,11 +111,11 @@ Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com Wed Apr 25 21:54:39 UTC 2018 - luizluca@gmail.com - Added support for /etc/krb5.conf.d/ for configuration snippets - + ------------------------------------------------------------------- Thu Nov 23 13:38:38 UTC 2017 - rbrown@suse.com -- Replace references to /var/adm/fillup-templates with new +- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468) ------------------------------------------------------------------- @@ -276,8 +281,8 @@ Sat Dec 3 13:04:11 UTC 2016 - michael@stroeder.com ------------------------------------------------------------------- Mon Nov 14 08:36:06 UTC 2016 - christof.hanke@rzg.mpg.de -- add pam configuration file required for ksu - just use a copy of "su" one from Tumbleweed +- add pam configuration file required for ksu + just use a copy of "su" one from Tumbleweed ------------------------------------------------------------------- Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com @@ -290,11 +295,11 @@ Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com nonexistent policies * Fix a rare KDC denial of service vulnerability when anonymous client principals are restricted to obtaining TGTs only [CVE-2016-3120] - + ------------------------------------------------------------------- Sat Jul 2 11:38:54 UTC 2016 - idonmez@suse.com -- Remove comments breaking post scripts. +- Remove comments breaking post scripts. ------------------------------------------------------------------- Thu Jun 30 13:34:29 UTC 2016 - fcrozat@suse.com @@ -657,7 +662,7 @@ Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com ------------------------------------------------------------------- Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com -- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal +- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff ------------------------------------------------------------------- @@ -698,7 +703,7 @@ Fri Aug 8 15:55:01 UTC 2014 - ckornacker@suse.com - buffer overrun in kadmind with LDAP backend CVE-2014-4345 (bnc#891082) - krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch + krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch ------------------------------------------------------------------- Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com @@ -711,7 +716,7 @@ Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com ------------------------------------------------------------------- Sat Jul 19 12:38:21 UTC 2014 - p.drouand@gmail.com -- Do not depend of insserv if systemd is used +- Do not depend of insserv if systemd is used ------------------------------------------------------------------- Thu Jul 10 15:59:52 UTC 2014 - ckornacker@suse.com @@ -782,7 +787,7 @@ Mon Jan 13 15:37:16 UTC 2014 - ckornacker@suse.com * krb5-master-gss_oid_leak.patch - Fix SPNEGO one-hop interop against old IIS * krb5-master-ignore-empty-unnecessary-final-token.patch - - Fix GSS krb5 acceptor acquire_cred error handling + - Fix GSS krb5 acceptor acquire_cred error handling * krb5-master-keytab_close.patch - Avoid malloc(0) in SPNEGO get_input_token * krb5-master-no-malloc0.patch @@ -815,7 +820,7 @@ Mon Jun 24 16:21:07 UTC 2013 - mc@suse.com ------------------------------------------------------------------- Fri Jun 21 02:12:03 UTC 2013 - crrodriguez@opensuse.org -- remove fstack-protector-all from CFLAGS, just use the +- remove fstack-protector-all from CFLAGS, just use the lighter/fast version already present in %optflags - Use LFS_CFLAGS to build in 32 bit archs. @@ -854,7 +859,7 @@ Sun Apr 28 17:14:36 CEST 2013 - mc@suse.de that failed to load. * gss_import_sec_context incorrectly set internal state that identifies whether an imported context is from an interposer - mechanism or from the underlying mechanism. + mechanism or from the underlying mechanism. - upstream fix obsolete krb5-lookup_etypes-leak.patch ------------------------------------------------------------------- @@ -1056,7 +1061,7 @@ Tue Aug 23 13:52:03 CEST 2011 - mc@suse.de ------------------------------------------------------------------- Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com -- add patches from Fedora and upstream +- add patches from Fedora and upstream - fix init scripts (bnc#689006) ------------------------------------------------------------------- @@ -1094,12 +1099,12 @@ Wed Jan 19 14:42:27 CET 2011 - mc@suse.de CVE-2010-4022 - Fix KDC denial of service attacks with LDAP back end (MITKRB5-SA-2011-002, bnc#663619) - CVE-2011-0281, CVE-2011-0282 + CVE-2011-0281, CVE-2011-0282 ------------------------------------------------------------------- Wed Dec 1 11:44:15 CET 2010 - mc@suse.de -- Fix multiple checksum handling vulnerabilities +- Fix multiple checksum handling vulnerabilities (MITKRB5-SA-2010-007, bnc#650650) CVE-2010-1324 * krb5 GSS-API applications may accept unkeyed checksums @@ -1111,21 +1116,21 @@ Wed Dec 1 11:44:15 CET 2010 - mc@suse.de CVE-2010-4020 * krb5 may accept authdata checksums with low-entropy derived keys CVE-2010-4021 - * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery + * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery ------------------------------------------------------------------- Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de -- fix csh profile (bnc#649856) +- fix csh profile (bnc#649856) ------------------------------------------------------------------- Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de - update to krb5-1.8.3 * remove patches which are now upstrem - - krb5-1.7-MITKRB5-SA-2010-004.dif - - krb5-1.8.1-gssapi-error-table.dif - - krb5-MITKRB5-SA-2010-005.dif + - krb5-1.7-MITKRB5-SA-2010-004.dif + - krb5-1.8.1-gssapi-error-table.dif + - krb5-MITKRB5-SA-2010-005.dif ------------------------------------------------------------------- Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de @@ -1137,7 +1142,7 @@ Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de - fix a dereference of an uninitialized pointer while processing - authorization data. + authorization data. CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990) ------------------------------------------------------------------- @@ -1150,12 +1155,12 @@ Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com Wed May 19 14:27:19 CEST 2010 - mc@suse.de - fix GSS-API library null pointer dereference - CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) + CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) ------------------------------------------------------------------- Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de -- fix a double free vulnerability in the KDC +- fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) ------------------------------------------------------------------- @@ -1163,12 +1168,12 @@ Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de - update to version 1.8.1 * include krb5-1.8-POST.dif - * include MITKRB5-SA-2010-002 + * include MITKRB5-SA-2010-002 ------------------------------------------------------------------- Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de -- update krb5-1.8-POST.dif +- update krb5-1.8-POST.dif ------------------------------------------------------------------- Tue Mar 23 14:32:41 CET 2010 - mc@suse.de @@ -1176,17 +1181,17 @@ Tue Mar 23 14:32:41 CET 2010 - mc@suse.de - fix a bug where an unauthenticated remote attacker could cause a GSS-API application including the Kerberos administration daemon (kadmind) to crash. - CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) + CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) ------------------------------------------------------------------- Tue Mar 23 12:33:26 CET 2010 - mc@suse.de - add post 1.8 fixes * Add IPv6 support to changepw.c - * fix two problems in kadm5_get_principal mask handling + * fix two problems in kadm5_get_principal mask handling * Ignore improperly encoded signedpath AD elements * handle NT_SRV_INST in service principal referrals - * dereference options while checking + * dereference options while checking KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT * Fix the kpasswd fallback from the ccache principal name * Document the ticket_lifetime libdefaults setting @@ -1196,16 +1201,16 @@ Tue Mar 23 12:33:26 CET 2010 - mc@suse.de Thu Mar 4 10:42:29 CET 2010 - mc@suse.de - update to version 1.8 - * Increase code quality + * Increase code quality * Move toward improved KDB interface - * Investigate and remedy repeatedly-reported performance + * Investigate and remedy repeatedly-reported performance bottlenecks. * Reduce DNS dependence by implementing an interface that allows - client library to track whether a KDC supports service + client library to track whether a KDC supports service principal referrals. - * Disable DES by default + * Disable DES by default * Account lockout for repeated login failures - * Bridge layer to allow Heimdal HDB modules to act as KDB + * Bridge layer to allow Heimdal HDB modules to act as KDB backend modules * FAST enhancements * Microsoft Services for User (S4U) compatibility @@ -1217,7 +1222,7 @@ Thu Mar 4 10:42:29 CET 2010 - mc@suse.de - fix integer underflow in AES and RC4 decryption CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) - moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl - + ------------------------------------------------------------------- Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de @@ -1237,12 +1242,12 @@ Sun Jul 12 21:36:17 CEST 2009 - coolo@novell.com ------------------------------------------------------------------- Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de -- update to final 1.7 release +- update to final 1.7 release ------------------------------------------------------------------- Wed May 13 11:30:42 CEST 2009 - mc@suse.de -- update to version 1.7 Beta2 +- update to version 1.7 Beta2 * Incremental propagation support for the KDC database. * Flexible Authentication Secure Tunneling (FAST), a preauthentiation framework that can protect the AS exchange from dictionary attack. @@ -1255,7 +1260,7 @@ Wed May 13 11:30:42 CEST 2009 - mc@suse.de ------------------------------------------------------------------- Mon Feb 16 13:04:26 CET 2009 - mc@suse.de -- update to pre 1.7 version +- update to pre 1.7 version * Remove support for version 4 of the Kerberos protocol (krb4). * New libdefaults configuration variable "allow_weak_crypto". * Client library now follows client principal referrals, for @@ -1284,7 +1289,7 @@ Wed Jan 14 09:21:36 CET 2009 - olh@suse.de Thu Dec 11 14:12:57 CET 2008 - mc@suse.de - do not query IPv6 addresses if no IPv6 address exists on this host - [bnc#449143] + [bnc#449143] ------------------------------------------------------------------- Wed Dec 10 12:34:56 CET 2008 - olh@suse.de @@ -1301,7 +1306,7 @@ Thu Oct 30 12:34:56 CET 2008 - olh@suse.de Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de - in case we use ldap as database backend, ldap should be - started before krb5kdc + started before krb5kdc ------------------------------------------------------------------- Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de @@ -1309,8 +1314,8 @@ Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de - add new fixes to post 1.6.3 patch * fix mem leak in krb5_gss_accept_sec_context() * keep minor_status - * kadm5_decrypt_key: A ktype of -1 is documented as meaning - "to be ignored" + * kadm5_decrypt_key: A ktype of -1 is documented as meaning + "to be ignored" * Reject socket fds > FD_SETSIZE ------------------------------------------------------------------- @@ -1327,14 +1332,14 @@ Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de - add case-insensitive.dif (FATE#300771) - minor fixes for ktutil man page -- reduce rpmlint warnings +- reduce rpmlint warnings ------------------------------------------------------------------- Wed May 14 17:44:59 CEST 2008 - mc@suse.de - Fall back to TCP on kdc-unresolvable/unreachable errors. - restore valid sequence number before generating requests - (fix changing passwords in mixed ipv4/ipv6 enviroments) + (fix changing passwords in mixed ipv4/ipv6 enviroments) ------------------------------------------------------------------- Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de @@ -1345,7 +1350,7 @@ Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de ------------------------------------------------------------------- Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de -- modify krb5-config to not output rpath and cflags in --libs +- modify krb5-config to not output rpath and cflags in --libs (bnc#378270) ------------------------------------------------------------------- @@ -1357,7 +1362,7 @@ Fri Mar 14 11:27:55 CET 2008 - mc@suse.de * MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948) Memory corruption while too many open file descriptors [bnc#363151] -- change default config file. Comment out the examples. +- change default config file. Comment out the examples. ------------------------------------------------------------------- Fri Dec 14 10:48:52 CET 2007 - mc@suse.de @@ -1372,12 +1377,12 @@ Fri Dec 14 10:48:52 CET 2007 - mc@suse.de ------------------------------------------------------------------- Tue Dec 4 16:36:07 CET 2007 - mc@suse.de -- improve GSSAPI error messages +- improve GSSAPI error messages ------------------------------------------------------------------- Tue Nov 6 13:53:17 CET 2007 - mc@suse.de -- add coreutils to PreReq +- add coreutils to PreReq ------------------------------------------------------------------- Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de @@ -1393,8 +1398,8 @@ Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de - update krb5-1.6.2-post.dif - * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that - that the client library will not failover to the next KDC. + * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that + that the client library will not failover to the next KDC. [#310540] ------------------------------------------------------------------- @@ -1404,7 +1409,7 @@ Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de * new -S sname option for kvno * read_entropy_from_device on partial read will not fill buffer * Bail out if encoded "ticket" doesn't decode correctly. - * patch for referrals loop + * patch for referrals loop ------------------------------------------------------------------- Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de @@ -1425,10 +1430,10 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de - add krb5-1.6.2-post.dif * during the referrals loop, check to see if the - session key enctype of a returned credential for the final - service is among the enctypes explicitly selected by the - application, and retry with old_use_conf_ktypes if it is not. - * If mkstemp() is available, the new ccache file gets created but + session key enctype of a returned credential for the final + service is among the enctypes explicitly selected by the + application, and retry with old_use_conf_ktypes if it is not. + * If mkstemp() is available, the new ccache file gets created but the subsequent open(O_CREAT|O_EXCL) call fails because the file was already created by mkstemp(). Apply patch from Apple to keep the file descriptor open. @@ -1437,7 +1442,7 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de - update to version 1.6.2 -- remove krb5-1.6.1-post.dif all fixes are included in this release +- remove krb5-1.6.1-post.dif all fixes are included in this release ------------------------------------------------------------------- Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de @@ -1449,7 +1454,7 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de - update krb5-1.6.1-post.dif * fix leak in krb5_walk_realm_tree - * rd_req_decoded needs to deal with referral realms + * rd_req_decoded needs to deal with referral realms * fix buffer overflow in kadmind (MITKRB5-SA-2007-005 - CVE-2007-2798) [#278689] @@ -1460,14 +1465,14 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de ------------------------------------------------------------------- Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de -- fix unstripped-binary-or-object rpmlint warning +- fix unstripped-binary-or-object rpmlint warning ------------------------------------------------------------------- Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de - fixing rpmlint warnings and errors: * merged logrotate scripts kadmin and krb5kdc into a single file - krb5-server. + krb5-server. * moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper. adapted krb5.spec and README.ConvertHeimdalMIT accordingly. @@ -1480,32 +1485,32 @@ Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de ------------------------------------------------------------------- Wed May 9 15:30:53 CEST 2007 - mc@suse.de -- fix uninitialized salt length +- fix uninitialized salt length - add extra check for keytab file ------------------------------------------------------------------- Thu May 3 12:11:29 CEST 2007 - mc@suse.de - adding krb5-1.6.1-post.dif - * fix segfault in krb5_get_init_creds_password + * fix segfault in krb5_get_init_creds_password * remove debug output in ftp client * profile stores empty string values without double quotes ------------------------------------------------------------------- Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de -- update to final 1.6.1 version +- update to final 1.6.1 version ------------------------------------------------------------------- Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de -- add plugin directories to main package +- add plugin directories to main package ------------------------------------------------------------------- Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de - update to version 1.6.1 Beta1 -- remove obsolete patches +- remove obsolete patches (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif) - rework compile_pie patch @@ -1532,8 +1537,8 @@ Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de ------------------------------------------------------------------- Mon Mar 5 11:01:20 CET 2007 - mc@suse.de -- move SuSEFirewall service definitions to - /etc/sysconfig/SuSEfirewall2.d/services +- move SuSEFirewall service definitions to + /etc/sysconfig/SuSEfirewall2.d/services ------------------------------------------------------------------- Thu Feb 22 11:13:48 CET 2007 - mc@suse.de @@ -1544,12 +1549,12 @@ Thu Feb 22 11:13:48 CET 2007 - mc@suse.de Mon Feb 19 13:59:43 CET 2007 - mc@suse.de - update krb5-1.6-post.dif -- move some applications into the right package +- move some applications into the right package ------------------------------------------------------------------- Fri Feb 9 13:31:22 CET 2007 - mc@suse.de -- update krb5-1.6-post.dif +- update krb5-1.6-post.dif ------------------------------------------------------------------- Mon Jan 29 11:27:23 CET 2007 - mc@suse.de @@ -1567,16 +1572,16 @@ Tue Jan 23 17:21:12 CET 2007 - mc@suse.de ------------------------------------------------------------------- Mon Jan 22 16:39:27 CET 2007 - mc@suse.de -- krb5-devel should require keyutils-devel +- krb5-devel should require keyutils-devel ------------------------------------------------------------------- Mon Jan 22 12:19:49 CET 2007 - mc@suse.de - update to version 1.6 - * Major changes in 1.6 include - * Partial client implementation to handle server name referrals. - * Pre-authentication plug-in framework, donated by Red Hat. - * LDAP KDB plug-in, donated by Novell. + * Major changes in 1.6 include + * Partial client implementation to handle server name referrals. + * Pre-authentication plug-in framework, donated by Red Hat. + * LDAP KDB plug-in, donated by Novell. - remove obsolete patches ------------------------------------------------------------------- @@ -1594,14 +1599,14 @@ Wed Jan 10 11:16:30 CET 2007 - mc@suse.de ------------------------------------------------------------------- Tue Jan 2 14:53:33 CET 2007 - mc@suse.de -- Fix Requires in krb5-devel +- Fix Requires in krb5-devel [Bug #231008] ------------------------------------------------------------------- Mon Nov 6 11:49:39 CET 2006 - mc@suse.de - fix "local variable used before set" [#217692] -- fix strncat warning +- fix strncat warning ------------------------------------------------------------------- Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de @@ -1612,7 +1617,7 @@ Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de ------------------------------------------------------------------- Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de -- fix function call with too few arguments [#203837] +- fix function call with too few arguments [#203837] ------------------------------------------------------------------- Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de @@ -1620,7 +1625,7 @@ Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de - update to version 1.5.1 - remove obsolete patches which are now included upstream * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif - * trunk-fix-uninitialized-vars.dif + * trunk-fix-uninitialized-vars.dif ------------------------------------------------------------------- Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de @@ -1632,7 +1637,7 @@ Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de ------------------------------------------------------------------- Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de -- remove update-messages +- remove update-messages ------------------------------------------------------------------- Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de @@ -1644,13 +1649,13 @@ Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de - update to version 1.5 - * KDB abstraction layer, donated by Novell. - * plug-in architecture, allowing for extension modules to be - loaded at run-time. - * multi-mechanism GSS-API implementation ("mechglue"), - donated by Sun Microsystems - * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") - implementation, donated by Sun Microsystems + * KDB abstraction layer, donated by Novell. + * plug-in architecture, allowing for extension modules to be + loaded at run-time. + * multi-mechanism GSS-API implementation ("mechglue"), + donated by Sun Microsystems + * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") + implementation, donated by Sun Microsystems - remove obsolete patches and add some new ------------------------------------------------------------------- @@ -1664,17 +1669,17 @@ Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de - add all daemons to %stop_on_removal and %restart_on_update - add reload to kpropd init script -- add force-reload to all init scripts +- add force-reload to all init scripts ------------------------------------------------------------------- Mon Mar 13 18:20:36 CET 2006 - mc@suse.de -- add libgssapi_krb5.so link to main package [#147912] +- add libgssapi_krb5.so link to main package [#147912] ------------------------------------------------------------------- Fri Feb 3 18:17:01 CET 2006 - mc@suse.de -- fix logging section for kadmind in convert script +- fix logging section for kadmind in convert script ------------------------------------------------------------------- Wed Jan 25 21:30:24 CET 2006 - mls@suse.de @@ -1684,12 +1689,12 @@ Wed Jan 25 21:30:24 CET 2006 - mls@suse.de ------------------------------------------------------------------- Fri Jan 13 14:44:24 CET 2006 - mc@suse.de -- change the logging defaults +- change the logging defaults ------------------------------------------------------------------- Wed Jan 11 12:59:08 CET 2006 - mc@suse.de -- add tools and README for heimdal => MIT update +- add tools and README for heimdal => MIT update ------------------------------------------------------------------- Mon Jan 9 14:41:07 CET 2006 - mc@suse.de @@ -1700,7 +1705,7 @@ Mon Jan 9 14:41:07 CET 2006 - mc@suse.de ------------------------------------------------------------------- Tue Jan 3 16:00:13 CET 2006 - mc@suse.de -- added "make %{?jobs:-j%jobs}" +- added "make %{?jobs:-j%jobs}" ------------------------------------------------------------------- Fri Nov 18 12:12:01 CET 2005 - mc@suse.de @@ -1709,33 +1714,33 @@ Fri Nov 18 12:12:01 CET 2005 - mc@suse.de * some memmory leaks fixed * fix for "AS_REP padata has wrong enctype" * fix for "AS_REP padata missing PA-ETYPE-INFO" - * ... and more + * ... and more ------------------------------------------------------------------- Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de -- don't build as root +- don't build as root ------------------------------------------------------------------- Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de - update to version 1.4.2 -- remove some obsolet patches +- remove some obsolet patches ------------------------------------------------------------------- Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de -- build with --disable-static +- build with --disable-static ------------------------------------------------------------------- Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de -- remove devel-static subpackage +- remove devel-static subpackage ------------------------------------------------------------------- Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de -- better patch for princ_comp problem +- better patch for princ_comp problem ------------------------------------------------------------------- Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de @@ -1754,18 +1759,18 @@ Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de - fixed krb5 double free() [#86768, CAN-2005-1689, MITKRB5-SA-2005-003] - fix krb5 NULL pointer reference while comparing principals - [#91600] + [#91600] ------------------------------------------------------------------- Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de -- fix uninitialized variables +- fix uninitialized variables - compile with -fPIE/ link with -pie ------------------------------------------------------------------- Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de -- fixed wrong xinetd files [#77149] +- fixed wrong xinetd files [#77149] ------------------------------------------------------------------- Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de @@ -1776,26 +1781,26 @@ Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de ------------------------------------------------------------------- Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de -- fixed missing descriptions in init files - [#76164, #76165, #76166, #76169] +- fixed missing descriptions in init files + [#76164, #76165, #76166, #76169] ------------------------------------------------------------------- Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de - enhance $PATH via /etc/profile.d/ [#74018] -- remove the "links to important programs" +- remove the "links to important programs" ------------------------------------------------------------------- Fri Mar 18 11:09:43 CET 2005 - mc@suse.de -- fixed not running converter script [#72854] +- fixed not running converter script [#72854] ------------------------------------------------------------------- Thu Mar 17 14:15:17 CET 2005 - mc@suse.de -- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer +- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer Overflow -- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer +- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer Overflow [#73618] @@ -1813,38 +1818,38 @@ Tue Mar 15 19:54:58 CET 2005 - mc@suse.de Mon Mar 14 17:08:59 CET 2005 - mc@suse.de - fixed: rckrb5kdc restart gives wrong status with non-running service - [#72446] + [#72446] ------------------------------------------------------------------- Thu Mar 10 10:48:07 CET 2005 - mc@suse.de -- add requires: e2fsprogs-devel to krb5-devel package [#71732] +- add requires: e2fsprogs-devel to krb5-devel package [#71732] ------------------------------------------------------------------- Fri Feb 25 17:35:37 CET 2005 - mc@suse.de - fix double free [#66534] - krb5-1.4-fix-error_tables.dif + krb5-1.4-fix-error_tables.dif ------------------------------------------------------------------- Fri Feb 11 14:01:32 CET 2005 - mc@suse.de -- change mode for shared libraries to 755 +- change mode for shared libraries to 755 ------------------------------------------------------------------- Fri Feb 4 16:48:16 CET 2005 - mc@suse.de - remove spx.c from tarball because of legal risk -- add README.Source which tell the user about this +- add README.Source which tell the user about this action. - add a check for spx.c in the spec-file -- use rich-text for update-messages [#50250] +- use rich-text for update-messages [#50250] ------------------------------------------------------------------- Tue Feb 1 12:13:45 CET 2005 - mc@suse.de - add krb5-1.4-reduce-namespace-polution.dif - reduce namespace polution in gssapi.h [#50356] + reduce namespace polution in gssapi.h [#50356] ------------------------------------------------------------------- Fri Jan 28 13:25:42 CET 2005 - mc@suse.de @@ -1866,13 +1871,13 @@ Fri Jan 28 13:25:42 CET 2005 - mc@suse.de ------------------------------------------------------------------- Mon Jan 17 11:34:52 CET 2005 - mc@suse.de -- add proofreaded update-messages +- add proofreaded update-messages ------------------------------------------------------------------- Fri Jan 14 14:38:25 CET 2005 - mc@suse.de -- remove Conflicts: and add Provides: -- add some insserv stuff +- remove Conflicts: and add Provides: +- add some insserv stuff ------------------------------------------------------------------- Thu Jan 13 11:54:01 CET 2005 - mc@suse.de @@ -1887,13 +1892,13 @@ Thu Jan 13 11:54:01 CET 2005 - mc@suse.de Mon Jan 10 12:18:02 CET 2005 - mc@suse.de - update to version 1.3.6 -- fix for: heap buffer overflow in libkadm5srv - [CAN-2004-1189 / MITKRB5-SA-2004-004] +- fix for: heap buffer overflow in libkadm5srv + [CAN-2004-1189 / MITKRB5-SA-2004-004] ------------------------------------------------------------------- Tue Dec 14 15:30:23 CET 2004 - mc@suse.de -- build doc subpackage in an own specfile +- build doc subpackage in an own specfile - removed unnecessary neededforbuild requirements ------------------------------------------------------------------- @@ -1905,7 +1910,7 @@ Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de Mon Nov 15 17:25:56 CET 2004 - mc@suse.de - added Conflicts with heimdal* -- rename some manpages to avoid conflicts +- rename some manpages to avoid conflicts ------------------------------------------------------------------- Thu Nov 4 18:03:11 CET 2004 - mc@suse.de @@ -1919,11 +1924,10 @@ Thu Nov 4 18:03:11 CET 2004 - mc@suse.de Wed Nov 3 18:52:07 CET 2004 - mc@suse.de - add e2fsprogs to NFB -- use system-et and system-ss -- fix includes of com_err.h +- use system-et and system-ss +- fix includes of com_err.h ------------------------------------------------------------------- Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de -- Initital checkin - +- Initital checkin diff --git a/krb5.spec b/krb5.spec index 7f0eee4..5bf50cf 100644 --- a/krb5.spec +++ b/krb5.spec @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -22,22 +22,22 @@ %endif Name: krb5 -Url: https://web.mit.edu/kerberos/www/ -BuildRequires: autoconf -BuildRequires: bison -BuildRequires: keyutils -BuildRequires: keyutils-devel -BuildRequires: libcom_err-devel -BuildRequires: libselinux-devel -BuildRequires: ncurses-devel Version: 1.17 Release: 0 Summary: MIT Kerberos5 implementation License: MIT Group: Productivity/Networking/Security +URL: https://web.mit.edu/kerberos/www/ Obsoletes: krb5-plugin-preauth-pkinit-nss +BuildRequires: autoconf +BuildRequires: bison +BuildRequires: keyutils +BuildRequires: keyutils-devel +BuildRequires: libcom_err-devel BuildRequires: libopenssl-devel +BuildRequires: libselinux-devel BuildRequires: libverto-devel +BuildRequires: ncurses-devel BuildRequires: openldap2-devel BuildRequires: pam-devel BuildRequires: pkgconfig(systemd) @@ -193,7 +193,7 @@ autoreconf -fi DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME ./configure \ CC="%{__cc}" \ - CFLAGS="$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \ + CFLAGS="%{optflags} -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \ CPPFLAGS="-I%{_includedir}/et " \ SS_LIB="-lss" \ --prefix=/usr/lib/mit \ @@ -224,16 +224,12 @@ make %{?_smp_mflags} cp man/kadmin.man man/kadmin.local.8 %install - -mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5 - -cd src -make DESTDIR=%{buildroot} install -cd .. +mkdir -p %{buildroot}/%{_localstatedir}/log/krb5 +%make_install -C src # Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks # of the buildconf patch already conspire to strip out /usr/ from the # list of link flags, and it helps prevent file conflicts on multilib systems. -sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config +sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' %{buildroot}/usr/lib/mit/bin/krb5-config # install autoconf macro mkdir -p %{buildroot}/%{_datadir}/aclocal @@ -288,13 +284,13 @@ install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd %endif # install sysconfig templates -mkdir -p $RPM_BUILD_ROOT/%{_fillupdir} -install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/ -install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/ +mkdir -p %{buildroot}/%{_fillupdir} +install -m 644 %{vendorFiles}/sysconfig.kadmind %{buildroot}/%{_fillupdir}/ +install -m 644 %{vendorFiles}/sysconfig.krb5kdc %{buildroot}/%{_fillupdir}/ # install logrotate files mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server -find . -type f -name '*.ps' -exec gzip -9 {} \; +find . -type f -name '*.ps' -exec gzip -9 {} + # create rc* links mkdir -p %{buildroot}/usr/bin/ mkdir -p %{buildroot}/usr/sbin/