diff --git a/krb5-1.6.3-kpasswd_tcp.patch b/krb5-1.6.3-kpasswd_tcp.patch index 360149f..1a74d6d 100644 --- a/krb5-1.6.3-kpasswd_tcp.patch +++ b/krb5-1.6.3-kpasswd_tcp.patch @@ -5,7 +5,7 @@ Index: src/lib/krb5/os/changepw.c =================================================================== --- src/lib/krb5/os/changepw.c.orig +++ src/lib/krb5/os/changepw.c -@@ -271,10 +271,22 @@ change_set_password(krb5_context context +@@ -280,10 +280,22 @@ change_set_password(krb5_context context NULL ))) { diff --git a/krb5-1.7-MITKRB5-SA-2010-002.dif b/krb5-1.7-MITKRB5-SA-2010-002.dif deleted file mode 100644 index 79c4e81..0000000 --- a/krb5-1.7-MITKRB5-SA-2010-002.dif +++ /dev/null @@ -1,71 +0,0 @@ -Index: src/lib/gssapi/spnego/spnego_mech.c -=================================================================== ---- src/lib/gssapi/spnego/spnego_mech.c.orig -+++ src/lib/gssapi/spnego/spnego_mech.c -@@ -1576,7 +1576,7 @@ spnego_gss_accept_sec_context( - spnego_gss_ctx_id_t sc = NULL; - spnego_gss_cred_id_t spcred = NULL; - OM_uint32 mechstat = GSS_S_FAILURE; -- int sendTokenInit = 0; -+ int sendTokenInit = 0, tmpret; - - mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER; - -@@ -1609,7 +1609,6 @@ spnego_gss_accept_sec_context( - if (delegated_cred_handle != NULL) - *delegated_cred_handle = GSS_C_NO_CREDENTIAL; - if (input_token->length == 0) { -- sendTokenInit = 1; - ret = acc_ctx_hints(minor_status, - context_handle, spcred, - &mic_out, -@@ -1617,6 +1616,7 @@ spnego_gss_accept_sec_context( - &return_token); - if (ret != GSS_S_COMPLETE) - goto cleanup; -+ sendTokenInit = 1; - ret = GSS_S_CONTINUE_NEEDED; - } else { - /* Can set negState to REQUEST_MIC */ -@@ -1664,27 +1664,21 @@ spnego_gss_accept_sec_context( - &negState, &return_token); - } - cleanup: -- if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) { -- /* For acceptor-sends-first send a tokenInit */ -- int tmpret; -- -+ if (return_token == INIT_TOKEN_SEND && sendTokenInit) { - assert(sc != NULL); -- -- if (sendTokenInit) { -- tmpret = make_spnego_tokenInit_msg(sc, -- 1, -- mic_out, -- 0, -- GSS_C_NO_BUFFER, -- return_token, -- output_token); -- } else { -- tmpret = make_spnego_tokenTarg_msg(negState, -- sc ? sc->internal_mech : GSS_C_NO_OID, -- &mechtok_out, mic_out, -- return_token, -- output_token); -- } -+ tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0, -+ GSS_C_NO_BUFFER, -+ return_token, output_token); -+ if (tmpret < 0) -+ ret = GSS_S_FAILURE; -+ } else if (return_token != NO_TOKEN_SEND && -+ return_token != CHECK_MIC) { -+ tmpret = make_spnego_tokenTarg_msg(negState, -+ sc ? sc->internal_mech : -+ GSS_C_NO_OID, -+ &mechtok_out, mic_out, -+ return_token, -+ output_token); - if (tmpret < 0) - ret = GSS_S_FAILURE; - } diff --git a/krb5-1.8-POST.dif b/krb5-1.8-POST.dif deleted file mode 100644 index 14ccdf3..0000000 --- a/krb5-1.8-POST.dif +++ /dev/null @@ -1,315 +0,0 @@ -Index: doc/admin.texinfo -=================================================================== ---- doc/admin.texinfo.orig -+++ doc/admin.texinfo -@@ -516,13 +516,6 @@ DCE do not support the default cache as - Kerberos. Use a value of 1 on DCE 1.0.3a systems, and a value of 2 on - DCE 1.1 systems. The default value is @value{DefaultCcacheType}. - --@ignore --@itemx tkt_lifetime --The default lifetime of a ticket. The default is --@value{DefaultTktLifetime}. This is currently not supported by the --code. --@end ignore -- - @itemx dns_lookup_kdc - Indicate whether DNS SRV records should be used to locate the KDCs and - other servers for a realm, if they are not listed in the information for -@@ -583,6 +576,11 @@ If this flag is set, then an attempt to - fail if the client machine does not have a keytab. The default for the - flag is @value{DefaultVerifyApReqNofail}. - -+@itemx ticket_lifetime -+The value of this tag is the default lifetime for -+initial tickets. The default value for the tag is -+@value{DefaultTktLifetime}. -+ - @itemx renew_lifetime - The value of this tag is the default renewable lifetime for - initial tickets. The default value for the tag is -Index: src/include/krb5/krb5.hin -=================================================================== ---- src/include/krb5/krb5.hin.orig -+++ src/include/krb5/krb5.hin -@@ -1066,7 +1066,7 @@ krb5_verify_checksum(krb5_context contex - #define KRB5_AUTHDATA_SESAME 65 - #define KRB5_AUTHDATA_WIN2K_PAC 128 - #define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */ --#define KRB5_AUTHDATA_SIGNTICKET 142 -+#define KRB5_AUTHDATA_SIGNTICKET 512 /* formerly 142 in krb5 1.8 */ - #define KRB5_AUTHDATA_FX_ARMOR 71 - /* password change constants */ - -@@ -1184,6 +1184,19 @@ typedef struct _krb5_pa_data { - krb5_octet *contents; - } krb5_pa_data; - -+/* typed data */ -+/* -+ * The FAST error handling logic currently assumes that this structure and -+ * krb5_pa_data * can be safely cast to each other if this structure changes, -+ * that code needs to be updated to copy. -+ */ -+typedef struct _krb5_typed_data { -+ krb5_magic magic; -+ krb5_int32 type; -+ unsigned int length; -+ krb5_octet *data; -+} krb5_typed_data; -+ - typedef struct _krb5_kdc_req { - krb5_magic magic; - krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */ -Index: src/include/k5-int-pkinit.h -=================================================================== ---- src/include/k5-int-pkinit.h.orig -+++ src/include/k5-int-pkinit.h -@@ -101,17 +101,6 @@ typedef struct _krb5_trusted_ca { - } u; - } krb5_trusted_ca; - --/* typed data */ --/* The FAST error handling logic currently assumes that this structure and krb5_pa_data * can be safely cast to each other -- * if this structure changes, that code needs to be updated to copy. -- */ --typedef struct _krb5_typed_data { -- krb5_magic magic; -- krb5_int32 type; -- unsigned int length; -- krb5_octet *data; --} krb5_typed_data; -- - /* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */ - typedef struct _krb5_pa_pk_as_req_draft9 { - krb5_octet_data signedAuthPack; -Index: src/kdc/kdc_authdata.c -=================================================================== ---- src/kdc/kdc_authdata.c.orig -+++ src/kdc/kdc_authdata.c -@@ -934,8 +934,12 @@ verify_ad_signedpath(krb5_context contex - enc_sp.length = sp_authdata[0]->length; - - code = decode_krb5_ad_signedpath(&enc_sp, &sp); -- if (code != 0) -+ if (code != 0) { -+ /* Treat an invalid signedpath authdata element as a missing one, since -+ * we believe MS is using the same number for something else. */ -+ code = 0; - goto cleanup; -+ } - - code = verify_ad_signedpath_checksum(context, - krbtgt, -Index: src/kdc/do_tgs_req.c -=================================================================== ---- src/kdc/do_tgs_req.c.orig -+++ src/kdc/do_tgs_req.c -@@ -1215,6 +1215,7 @@ prep_reprocess_req(krb5_kdc_req *request - strlcpy(comp1_str,comp1->data,comp1->length+1); - - if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST || -+ krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_INST || - (krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN && - kdc_active_realm->realm_host_based_services != NULL && - (krb5_match_config_pattern(kdc_active_realm->realm_host_based_services, -Index: src/clients/kpasswd/kpasswd.c -=================================================================== ---- src/clients/kpasswd/kpasswd.c.orig -+++ src/clients/kpasswd/kpasswd.c -@@ -47,7 +47,7 @@ int main(int argc, char *argv[]) - { - krb5_error_code ret; - krb5_context context; -- krb5_principal princ; -+ krb5_principal princ = NULL; - char *pname; - krb5_ccache ccache; - krb5_get_init_creds_opt *opts = NULL; -@@ -84,23 +84,27 @@ int main(int argc, char *argv[]) - com_err(argv[0], ret, "parsing client name"); - exit(1); - } -- } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) { -- if (ret) { -+ } else { -+ ret = krb5_cc_default(context, &ccache); -+ if (ret != 0) { - com_err(argv[0], ret, "opening default ccache"); - exit(1); - } - -- if ((ret = krb5_cc_get_principal(context, ccache, &princ))) { -+ ret = krb5_cc_get_principal(context, ccache, &princ); -+ if (ret != 0 && ret != KRB5_CC_NOTFOUND && ret != KRB5_FCC_NOFILE) { - com_err(argv[0], ret, "getting principal from ccache"); - exit(1); - } - -- if ((ret = krb5_cc_close(context, ccache))) { -+ ret = krb5_cc_close(context, ccache); -+ if (ret != 0) { - com_err(argv[0], ret, "closing ccache"); - exit(1); - } -- } else { -- get_name_from_passwd_file(argv[0], context, &princ); -+ -+ if (princ == NULL) -+ get_name_from_passwd_file(argv[0], context, &princ); - } - - if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) { -Index: src/config-files/krb5.conf.M -=================================================================== ---- src/config-files/krb5.conf.M.orig -+++ src/config-files/krb5.conf.M -@@ -220,6 +220,10 @@ If this flag is set, then an attempt to - fail if the client machine does not have a keytab. The default for the - flag is false. - -+.IP ticket_lifetime -+The value of this tag is the default lifetime for initial tickets. The -+default value for the tag is 1 day (1d). -+ - .IP renew_lifetime - The value of this tag is the default renewable lifetime for initial - tickets. The default value for the tag is 0. -Index: src/lib/gssapi/spnego/spnego_mech.c -=================================================================== ---- src/lib/gssapi/spnego/spnego_mech.c.orig -+++ src/lib/gssapi/spnego/spnego_mech.c -@@ -1687,6 +1687,7 @@ cleanup: - if (sc->internal_name != GSS_C_NO_NAME && - src_name != NULL) { - *src_name = sc->internal_name; -+ sc->internal_name = GSS_C_NO_NAME; - } - release_spnego_ctx(&sc); - } else if (ret != GSS_S_CONTINUE_NEEDED) { -@@ -2572,6 +2573,8 @@ release_spnego_ctx(spnego_gss_ctx_id_t * - (void) generic_gss_release_oid(&minor_stat, - &context->internal_mech); - -+ (void) gss_release_name(&minor_stat, &context->internal_name); -+ - if (context->optionStr != NULL) { - free(context->optionStr); - context->optionStr = NULL; -Index: src/lib/kadm5/srv/svr_principal.c -=================================================================== ---- src/lib/kadm5/srv/svr_principal.c.orig -+++ src/lib/kadm5/srv/svr_principal.c -@@ -858,8 +858,8 @@ kadm5_get_principal(void *server_handle, - if (! (mask & KADM5_MOD_TIME)) - entry->mod_date = 0; - if (! (mask & KADM5_MOD_NAME)) { -- krb5_free_principal(handle->context, entry->principal); -- entry->principal = NULL; -+ krb5_free_principal(handle->context, entry->mod_name); -+ entry->mod_name = NULL; - } - } - -@@ -871,10 +871,12 @@ kadm5_get_principal(void *server_handle, - if (kdb.key_data[i].key_data_kvno > entry->kvno) - entry->kvno = kdb.key_data[i].key_data_kvno; - -- ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist, -- &entry->mkvno); -- if (ret) -- goto done; -+ if (mask & KADM5_MKVNO) { -+ ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist, -+ &entry->mkvno); -+ if (ret) -+ goto done; -+ } - - if (mask & KADM5_MAX_RLIFE) - entry->max_renewable_life = kdb.max_renewable_life; -Index: src/lib/krb5/os/changepw.c -=================================================================== ---- src/lib/krb5/os/changepw.c.orig -+++ src/lib/krb5/os/changepw.c -@@ -65,20 +65,23 @@ locate_kpasswd(krb5_context context, con - int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM); - - code = krb5int_locate_server (context, realm, addrlist, -- locate_service_kpasswd, sockType, AF_INET); -+ locate_service_kpasswd, sockType, AF_UNSPEC); - - if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) { - code = krb5int_locate_server (context, realm, addrlist, - locate_service_kadmin, SOCK_STREAM, -- AF_INET); -+ AF_UNSPEC); - if (!code) { - /* Success with admin_server but now we need to change the - port number to use DEFAULT_KPASSWD_PORT and the socktype. */ - size_t i; - for (i=0; inaddrs; i++) { - struct addrinfo *a = addrlist->addrs[i].ai; -+ krb5_ui_2 kpasswd_port = htons(DEFAULT_KPASSWD_PORT); - if (a->ai_family == AF_INET) -- sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT); -+ sa2sin (a->ai_addr)->sin_port = kpasswd_port; -+ if (a->ai_family == AF_INET6) -+ sa2sin6 (a->ai_addr)->sin6_port = kpasswd_port; - if (sockType != SOCK_STREAM) - a->ai_socktype = sockType; - } -@@ -131,10 +134,16 @@ kpasswd_sendto_msg_callback(struct conn_ - /* some brain-dead OS's don't return useful information from - * the getsockname call. Namely, windows and solaris. */ - -- if (ss2sin(&local_addr)->sin_addr.s_addr != 0) { -+ if (local_addr.ss_family == AF_INET && -+ ss2sin(&local_addr)->sin_addr.s_addr != 0) { - local_kaddr.addrtype = ADDRTYPE_INET; - local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr); - local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr; -+ } else if (local_addr.ss_family == AF_INET6 && -+ ss2sin6(&local_addr)->sin6_addr.s6_addr != 0) { -+ local_kaddr.addrtype = ADDRTYPE_INET6; -+ local_kaddr.length = sizeof(ss2sin6(&local_addr)->sin6_addr); -+ local_kaddr.contents = (krb5_octet *) &ss2sin6(&local_addr)->sin6_addr; - } else { - krb5_address **addrs; - -@@ -290,9 +299,19 @@ change_set_password(krb5_context context - break; - } - -- remote_kaddr.addrtype = ADDRTYPE_INET; -- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); -- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; -+ if (remote_addr.ss_family == AF_INET) { -+ remote_kaddr.addrtype = ADDRTYPE_INET; -+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); -+ remote_kaddr.contents = -+ (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; -+ } else if (remote_addr.ss_family == AF_INET6) { -+ remote_kaddr.addrtype = ADDRTYPE_INET6; -+ remote_kaddr.length = sizeof(ss2sin6(&remote_addr)->sin6_addr); -+ remote_kaddr.contents = -+ (krb5_octet *) &ss2sin6(&remote_addr)->sin6_addr; -+ } else { -+ break; -+ } - - if ((code = krb5_auth_con_setaddrs(callback_ctx.context, - callback_ctx.auth_context, -Index: src/lib/krb5/krb/gic_pwd.c -=================================================================== ---- src/lib/krb5/krb/gic_pwd.c.orig -+++ src/lib/krb5/krb/gic_pwd.c -@@ -218,7 +218,7 @@ krb5_get_init_creds_password(krb5_contex - * to prompt. Prompting is only disabled if the option has been set - * and the value has been set to false. - */ -- if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT)) -+ if (options && !(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT)) - goto cleanup; - - /* ok, we have an expired password. Give the user a few chances diff --git a/krb5-1.8-rpmlintrc b/krb5-1.8.1-rpmlintrc similarity index 100% rename from krb5-1.8-rpmlintrc rename to krb5-1.8.1-rpmlintrc diff --git a/krb5-1.8.1.tar.bz2 b/krb5-1.8.1.tar.bz2 new file mode 100644 index 0000000..c5d6fed --- /dev/null +++ b/krb5-1.8.1.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:215e71364b4ac6e49cfb2629a109a2f473845d68643859eccc038834de1f4746 +size 9960127 diff --git a/krb5-1.8.tar.bz2 b/krb5-1.8.tar.bz2 deleted file mode 100644 index 771b1d5..0000000 --- a/krb5-1.8.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:10890ef19905e36e99d82cbe7caa6e8b0875b2a304f9a9e2d05137c87aff8212 -size 9958816 diff --git a/krb5-doc-1.8-rpmlintrc b/krb5-doc-1.8.1-rpmlintrc similarity index 100% rename from krb5-doc-1.8-rpmlintrc rename to krb5-doc-1.8.1-rpmlintrc diff --git a/krb5-doc.changes b/krb5-doc.changes index 7ac797d..042615c 100644 --- a/krb5-doc.changes +++ b/krb5-doc.changes @@ -1,3 +1,8 @@ +------------------------------------------------------------------- +Fri Apr 9 12:45:30 CEST 2010 - mc@suse.de + +- update to version 1.8.1 + ------------------------------------------------------------------- Tue Mar 23 12:38:29 CET 2010 - mc@suse.de diff --git a/krb5-doc.spec b/krb5-doc.spec index 86eface..63e4b59 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5-doc (Version 1.8) +# spec file for package krb5-doc (Version 1.8.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -20,18 +20,17 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive -Version: 1.8 -Release: 2 -%define srcRoot krb5-1.8 +Version: 1.8.1 +Release: 1 +%define srcRoot krb5-1.8.1 Summary: MIT Kerberos5 Implementation--Documentation License: MIT License (or similar) Url: http://web.mit.edu/kerberos/www/ Group: Documentation/Other -Source: krb5-1.8.tar.bz2 +Source: krb5-1.8.1.tar.bz2 Source3: %{name}-%{version}-rpmlintrc Patch0: krb5-1.3.5-perlfix.dif Patch1: krb5-1.6.3-texi2dvi-fix.dif -Patch2: krb5-1.8-POST.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildArch: noarch @@ -54,7 +53,6 @@ Authors: %setup -n %{srcRoot} %patch0 %patch1 -%patch2 %build diff --git a/krb5-mini.changes b/krb5-mini.changes index c00c208..11e8703 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de + +- update to version 1.8.1 + * include krb5-1.8-POST.dif + * include MITKRB5-SA-2010-002 + +------------------------------------------------------------------- +Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de + +- update krb5-1.8-POST.dif + ------------------------------------------------------------------- Tue Mar 23 14:32:41 CET 2010 - mc@suse.de diff --git a/krb5-mini.spec b/krb5-mini.spec index 8c1b700..09d5318 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5-mini (Version 1.8) +# spec file for package krb5-mini (Version 1.8.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,7 +18,7 @@ # norootforbuild %define build_mini 1 -%define srcRoot krb5-1.8 +%define srcRoot krb5-1.8.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -27,8 +27,8 @@ License: MIT License (or similar) Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel -Version: 1.8 -Release: 2 +Version: 1.8.1 +Release: 1 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -42,7 +42,7 @@ Group: Productivity/Networking/Security Summary: MIT Kerberos5 Implementation--Libraries Group: Productivity/Networking/Security %endif -Source: krb5-1.8.tar.bz2 +Source: krb5-1.8.1.tar.bz2 Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc @@ -55,8 +55,6 @@ Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif Patch41: krb5-1.6.3-kpasswd_tcp.patch Patch44: krb5-1.6.3-ktutil-manpage.dif Patch46: krb5-1.6.3-fix-ipv6-query.dif -Patch47: krb5-1.7-MITKRB5-SA-2010-002.dif -Patch50: krb5-1.8-POST.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -204,8 +202,6 @@ Authors: %patch41 %patch44 -p1 %patch46 -p1 -%patch47 -%patch50 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do diff --git a/krb5.changes b/krb5.changes index c00c208..11e8703 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,15 @@ +------------------------------------------------------------------- +Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de + +- update to version 1.8.1 + * include krb5-1.8-POST.dif + * include MITKRB5-SA-2010-002 + +------------------------------------------------------------------- +Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de + +- update krb5-1.8-POST.dif + ------------------------------------------------------------------- Tue Mar 23 14:32:41 CET 2010 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index 2196e63..ec8384f 100644 --- a/krb5.spec +++ b/krb5.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5 (Version 1.8) +# spec file for package krb5 (Version 1.8.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,7 +18,7 @@ # norootforbuild %define build_mini 0 -%define srcRoot krb5-1.8 +%define srcRoot krb5-1.8.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -27,8 +27,8 @@ License: MIT License (or similar) Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel -Version: 1.8 -Release: 2 +Version: 1.8.1 +Release: 1 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -42,7 +42,7 @@ Group: Productivity/Networking/Security Summary: MIT Kerberos5 Implementation--Libraries Group: Productivity/Networking/Security %endif -Source: krb5-1.8.tar.bz2 +Source: krb5-1.8.1.tar.bz2 Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc @@ -55,8 +55,6 @@ Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif Patch41: krb5-1.6.3-kpasswd_tcp.patch Patch44: krb5-1.6.3-ktutil-manpage.dif Patch46: krb5-1.6.3-fix-ipv6-query.dif -Patch47: krb5-1.7-MITKRB5-SA-2010-002.dif -Patch50: krb5-1.8-POST.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -204,8 +202,6 @@ Authors: %patch41 %patch44 -p1 %patch46 -p1 -%patch47 -%patch50 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do