* Add client support for the Kerberos Cache Manager protocol. If the host

* Add support for doing unlocked database dumps for the DB2 KDC back end, * krb5-1.7-doublelog.patch - Work around replay cache creation race; (bnc#898439). krb5-1.13-work-around-replay-cache-creation-race.patch - bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal - added patches: * bnc#897874-CVE-2014-5351.diff OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=141
2015-05-22 09:22:57 +00:00 · 2015-05-22 09:22:57 +00:00 · 8103840325
commit 8103840325
parent cdaf49db88
4 changed files with 48 additions and 8 deletions
--- a/krb5-1.13.2.tar.sig
+++ b/krb5-1.13.2.tar.sig
@ -0,0 +1,14 @@
+-----BEGIN PGP SIGNATURE-----
+Version: GnuPG v1
+
+iQGcBAABAgAGBQJVTUldAAoJEKMvF/0AVcMF9IoMAIEawAFZ1pRw91oRN6c3eAxy
+RYBuJWsEa73JtqKCRtz7LA3qgacnJ8FGTpXaGHB3zErO55+Bclo1KZsUoNDtT27O
+bxjsptPBjp15zTZhavlIpAjANFmo6QpghUHpLNcLxH8pXgmQDztHnPaenStxF8Bv
+P2oFKh31uY3gYzOKnYi/r14XKSTNpFiDiGty53KY61efAO4H7xRFMhBgN2Vv1pBm
+FvekjCWRypN7ai2z+94cuVNIlu8eipDnU4oBb865fRKlflxCdpBmHLr1K5AgwSEb
+OAvDUPAEV9GwBP94M0yAoPwGf5ZHPvdORXbHfX00lzX2SgV+9DH4BqJOnytOeuaT
+PA1Z+7izF+Xja4iHMcYlyJ7a/sGWachlZrw2ifELlYUf4vtcPY5e6gH0hSMUoA7t
+Ww18ryv5fPHT1l+/o2P03hzZSFllOXjVsComsfw6Ws7qzbFuigpiVYdBg1XKMi9L
+kjA7j43FTHvVKjtrEubiW+YHxowQHu5DIeQWVqsBJg==
+=KdUH
+-----END PGP SIGNATURE-----
--- a/krb5-mini.changes
+++ b/krb5-mini.changes
@ -33,6 +33,11 @@ This is a bug fix release.

 * Improve documentation.

+-------------------------------------------------------------------
+Thu Apr 23 14:13:03 UTC 2015 - hguo@suse.com
+
+- Use externally built libverto
+
 -------------------------------------------------------------------
 Wed Feb 18 11:48:46 UTC 2015 - michael@stroeder.com

@ -49,8 +54,9 @@ This is a bug fix release.
 * Fix multiple kadmind vulnerabilities, some of which are based in the
  gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421
  CVE-2014-9422 CVE-2014-9423]
+
 -------------------------------------------------------------------
-Tue Jan  6 07:20:54 UTC 2015 - mlin@suse.com
+Tue Jan  6 07:12:29 UTC 2015 - mlin@suse.com

 - Update to krb5 1.13
  * Add support for accessing KDCs via an HTTPS proxy server using the
@ -65,12 +71,12 @@ Tue Jan  6 07:20:54 UTC 2015 - mlin@suse.com
  * The KDC listens for TCP connections by default.
  * Fix a minor key disclosure vulnerability where using the "keepold" option
    to the kadmin randkey operation could return the old keys. [CVE-2014-5351]
-  * Add client support for the Kerberos Cache Manager protocol. If the host 
+  * Add client support for the Kerberos Cache Manager protocol. If the host
    is running a Heimdal kcm daemon, caches served by the daemon can be
    accessed with the KCM: cache type.
  * When built on OS X 10.7 and higher, use "KCM:" as the default cache type,
    unless overridden by command-line options or krb5-config values.
-  * Add support for doing unlocked database dumps for the DB2 KDC back end, 
+  * Add support for doing unlocked database dumps for the DB2 KDC back end,
    which would allow the KDC and kadmind to continue accessing the database
    during lengthy database dumps.
 - Removed patches, useless or upstreamed
@ -83,9 +89,21 @@ Tue Jan  6 07:20:54 UTC 2015 - mlin@suse.com
 - Refreshed patches
  * krb5-1.12-pam.patch
  * krb5-1.12-selinux-label.patch
-  * krb5-1.7-doublelog.patch 
+  * krb5-1.7-doublelog.patch

 -------------------------------------------------------------------
+Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com
+
+- Work around replay cache creation race; (bnc#898439).
+  krb5-1.13-work-around-replay-cache-creation-race.patch
+
+-------------------------------------------------------------------
+Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com
+
+-  bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
+- added patches:
+  * bnc#897874-CVE-2014-5351.diff
+-------------------------------------------------------------------
 Sat Aug 30 22:29:28 UTC 2014 - andreas.stieger@gmx.de

 - krb5 5.12.2:
--- a/krb5-mini.spec
+++ b/krb5-mini.spec
@ -39,6 +39,7 @@ Obsoletes:      krb5-plugin-preauth-pkinit-nss
 %if ! 0%{?build_mini}
 BuildRequires:  doxygen
 BuildRequires:  libopenssl-devel
+BuildRequires:  libverto-devel
 BuildRequires:  openldap2-devel
 BuildRequires:  pam-devel
 BuildRequires:  python-Cheetah
@ -65,6 +66,9 @@ Conflicts:      krb5-plugin-preauth-pkinit
 Conflicts:      krb5-plugin-preauth-otp
 %endif
 Source:         krb5-%{version}.tar.gz
+# URL is actually http://web.mit.edu/kerberos/krb5-1.13/krb5-%version.sig
+# but it is the signature of the tarball
+Source42:       krb5-%version.tar.sig
 Source1:        vendor-files.tar.bz2
 Source2:        baselibs.conf
 Source5:        krb5-rpmlintrc
@ -105,6 +109,8 @@ client programs, like kinit, kadmin, ...
 Summary:        MIT Kerberos5 implementation - server
 Group:          Productivity/Networking/Security
 Requires:       cron
+Requires:       libverto
+Requires:       libverto-libev
 Requires:       logrotate
 Requires:       perl-Date-Calc
 %{?systemd_requires}
@ -163,6 +169,7 @@ Group:          Development/Libraries/C and C++
 PreReq:         %{name} = %{version}
 Requires:       keyutils-devel
 Requires:       libcom_err-devel
+Requires:       libverto-devel
 # bug437293
 %ifarch ppc64
 Obsoletes:      krb5-devel-64bit
@ -231,7 +238,8 @@ DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
 %endif
        --with-selinux \
        --with-system-et \
-        --with-system-ss
+        --with-system-ss \
+        --with-system-verto
 %{__make} %{?_smp_mflags}
 %if ! 0%{?build_mini}
 cd doc
@ -451,7 +459,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so
 %{_libdir}/libkdb5.so
 %{_libdir}/libkrb5.so
 %{_libdir}/libkrb5support.so
-%{_libdir}/libverto.so
 %{_libdir}/libkrad.so
 %{_libdir}/pkgconfig/gssrpc.pc
 %{_libdir}/pkgconfig/kadm-client.pc
@ -511,7 +518,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so
 %{_libdir}/libkdb5.so.*
 %{_libdir}/libkrb5.so.*
 %{_libdir}/libkrb5support.so.*
-%{_libdir}/libverto.so.*
 %{_libdir}/libkrad.so.*
 %{_libdir}/krb5/plugins/kdb/*
 %{_libdir}/krb5/plugins/tls/*
@ -585,7 +591,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so
 %{_libdir}/libkdb5.so.*
 %{_libdir}/libkrb5.so.*
 %{_libdir}/libkrb5support.so.*
-%{_libdir}/libverto.so.*
 %{_libdir}/libkrad.so.*

 %files server
--- a/krb5.spec
+++ b/krb5.spec
@ -66,6 +66,9 @@ Conflicts:      krb5-plugin-preauth-pkinit
 Conflicts:      krb5-plugin-preauth-otp
 %endif
 Source:         krb5-%{version}.tar.gz
+# URL is actually http://web.mit.edu/kerberos/krb5-1.13/krb5-%version.sig
+# but it is the signature of the tarball
+Source42:       krb5-%version.tar.sig
 Source1:        vendor-files.tar.bz2
 Source2:        baselibs.conf
 Source5:        krb5-rpmlintrc