rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

Accepting request 37899 from network

Browse Source 
checked in (request 37899)

OBS-URL: https://build.opensuse.org/request/show/37899
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=20
This commit is contained in:
OBS User autobuild 2010-04-14 13:16:16 +00:00 committed by Git OBS Bridge
parent b2c5cb8b2a
commit 8f6bba81c7
13 changed files with 412 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
krb5-1.6.3-kpasswd_tcp.patch
View File

@ -5,7 +5,7 @@ Index: src/lib/krb5/os/changepw.c
===================================================================
--- src/lib/krb5/os/changepw.c.orig
+++ src/lib/krb5/os/changepw.c
@@ -280,10 +280,22 @@ change_set_password(krb5_context context
@@ -271,10 +271,22 @@ change_set_password(krb5_context context
NULL
))) {

71
krb5-1.7-MITKRB5-SA-2010-002.dif Normal file
View File

@ -0,0 +1,71 @@
Index: src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- src/lib/gssapi/spnego/spnego_mech.c.orig
+++ src/lib/gssapi/spnego/spnego_mech.c
@@ -1576,7 +1576,7 @@ spnego_gss_accept_sec_context(
spnego_gss_ctx_id_t sc = NULL;
spnego_gss_cred_id_t spcred = NULL;
OM_uint32 mechstat = GSS_S_FAILURE;
- int sendTokenInit = 0;
+ int sendTokenInit = 0, tmpret;
mechtok_in = mic_in = mic_out = GSS_C_NO_BUFFER;
@@ -1609,7 +1609,6 @@ spnego_gss_accept_sec_context(
if (delegated_cred_handle != NULL)
*delegated_cred_handle = GSS_C_NO_CREDENTIAL;
if (input_token->length == 0) {
- sendTokenInit = 1;
ret = acc_ctx_hints(minor_status,
context_handle, spcred,
&mic_out,
@@ -1617,6 +1616,7 @@ spnego_gss_accept_sec_context(
&return_token);
if (ret != GSS_S_COMPLETE)
goto cleanup;
+ sendTokenInit = 1;
ret = GSS_S_CONTINUE_NEEDED;
} else {
/* Can set negState to REQUEST_MIC */
@@ -1664,27 +1664,21 @@ spnego_gss_accept_sec_context(
&negState, &return_token);
}
cleanup:
- if (return_token != NO_TOKEN_SEND && return_token != CHECK_MIC) {
- /* For acceptor-sends-first send a tokenInit */
- int tmpret;
-
+ if (return_token == INIT_TOKEN_SEND && sendTokenInit) {
assert(sc != NULL);
-
- if (sendTokenInit) {
- tmpret = make_spnego_tokenInit_msg(sc,
- 1,
- mic_out,
- 0,
- GSS_C_NO_BUFFER,
- return_token,
- output_token);
- } else {
- tmpret = make_spnego_tokenTarg_msg(negState,
- sc ? sc->internal_mech : GSS_C_NO_OID,
- &mechtok_out, mic_out,
- return_token,
- output_token);
- }
+ tmpret = make_spnego_tokenInit_msg(sc, 1, mic_out, 0,
+ GSS_C_NO_BUFFER,
+ return_token, output_token);
+ if (tmpret < 0)
+ ret = GSS_S_FAILURE;
+ } else if (return_token != NO_TOKEN_SEND &&
+ return_token != CHECK_MIC) {
+ tmpret = make_spnego_tokenTarg_msg(negState,
+ sc ? sc->internal_mech :
+ GSS_C_NO_OID,
+ &mechtok_out, mic_out,
+ return_token,
+ output_token);
if (tmpret < 0)
ret = GSS_S_FAILURE;
}

315
krb5-1.8-POST.dif Normal file
View File

@ -0,0 +1,315 @@
Index: doc/admin.texinfo
===================================================================
--- doc/admin.texinfo.orig
+++ doc/admin.texinfo
@@ -516,13 +516,6 @@ DCE do not support the default cache as
Kerberos. Use a value of 1 on DCE 1.0.3a systems, and a value of 2 on
DCE 1.1 systems. The default value is @value{DefaultCcacheType}.
-@ignore
-@itemx tkt_lifetime
-The default lifetime of a ticket. The default is
-@value{DefaultTktLifetime}. This is currently not supported by the
-code.
-@end ignore
-
@itemx dns_lookup_kdc
Indicate whether DNS SRV records should be used to locate the KDCs and
other servers for a realm, if they are not listed in the information for
@@ -583,6 +576,11 @@ If this flag is set, then an attempt to
fail if the client machine does not have a keytab. The default for the
flag is @value{DefaultVerifyApReqNofail}.
+@itemx ticket_lifetime
+The value of this tag is the default lifetime for
+initial tickets. The default value for the tag is
+@value{DefaultTktLifetime}.
+
@itemx renew_lifetime
The value of this tag is the default renewable lifetime for
initial tickets. The default value for the tag is
Index: src/include/krb5/krb5.hin
===================================================================
--- src/include/krb5/krb5.hin.orig
+++ src/include/krb5/krb5.hin
@@ -1066,7 +1066,7 @@ krb5_verify_checksum(krb5_context contex
#define KRB5_AUTHDATA_SESAME 65
#define KRB5_AUTHDATA_WIN2K_PAC 128
#define KRB5_AUTHDATA_ETYPE_NEGOTIATION 129 /* RFC 4537 */
-#define KRB5_AUTHDATA_SIGNTICKET 142
+#define KRB5_AUTHDATA_SIGNTICKET 512 /* formerly 142 in krb5 1.8 */
#define KRB5_AUTHDATA_FX_ARMOR 71
/* password change constants */
@@ -1184,6 +1184,19 @@ typedef struct _krb5_pa_data {
krb5_octet *contents;
} krb5_pa_data;
+/* typed data */
+/*
+ * The FAST error handling logic currently assumes that this structure and
+ * krb5_pa_data * can be safely cast to each other if this structure changes,
+ * that code needs to be updated to copy.
+ */
+typedef struct _krb5_typed_data {
+ krb5_magic magic;
+ krb5_int32 type;
+ unsigned int length;
+ krb5_octet *data;
+} krb5_typed_data;
+
typedef struct _krb5_kdc_req {
krb5_magic magic;
krb5_msgtype msg_type; /* AS_REQ or TGS_REQ? */
Index: src/include/k5-int-pkinit.h
===================================================================
--- src/include/k5-int-pkinit.h.orig
+++ src/include/k5-int-pkinit.h
@@ -101,17 +101,6 @@ typedef struct _krb5_trusted_ca {
} u;
} krb5_trusted_ca;
-/* typed data */
-/* The FAST error handling logic currently assumes that this structure and krb5_pa_data * can be safely cast to each other
- * if this structure changes, that code needs to be updated to copy.
- */
-typedef struct _krb5_typed_data {
- krb5_magic magic;
- krb5_int32 type;
- unsigned int length;
- krb5_octet *data;
-} krb5_typed_data;
-
/* PA-PK-AS-REQ (Draft 9 -- PA TYPE 14) */
typedef struct _krb5_pa_pk_as_req_draft9 {
krb5_octet_data signedAuthPack;
Index: src/kdc/kdc_authdata.c
===================================================================
--- src/kdc/kdc_authdata.c.orig
+++ src/kdc/kdc_authdata.c
@@ -934,8 +934,12 @@ verify_ad_signedpath(krb5_context contex
enc_sp.length = sp_authdata[0]->length;
code = decode_krb5_ad_signedpath(&enc_sp, &sp);
- if (code != 0)
+ if (code != 0) {
+ /* Treat an invalid signedpath authdata element as a missing one, since
+ * we believe MS is using the same number for something else. */
+ code = 0;
goto cleanup;
+ }
code = verify_ad_signedpath_checksum(context,
krbtgt,
Index: src/kdc/do_tgs_req.c
===================================================================
--- src/kdc/do_tgs_req.c.orig
+++ src/kdc/do_tgs_req.c
@@ -1215,6 +1215,7 @@ prep_reprocess_req(krb5_kdc_req *request
strlcpy(comp1_str,comp1->data,comp1->length+1);
if ((krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_HST ||
+ krb5_princ_type(kdc_context, request->server) == KRB5_NT_SRV_INST ||
(krb5_princ_type(kdc_context, request->server) == KRB5_NT_UNKNOWN &&
kdc_active_realm->realm_host_based_services != NULL &&
(krb5_match_config_pattern(kdc_active_realm->realm_host_based_services,
Index: src/clients/kpasswd/kpasswd.c
===================================================================
--- src/clients/kpasswd/kpasswd.c.orig
+++ src/clients/kpasswd/kpasswd.c
@@ -47,7 +47,7 @@ int main(int argc, char *argv[])
{
krb5_error_code ret;
krb5_context context;
- krb5_principal princ;
+ krb5_principal princ = NULL;
char *pname;
krb5_ccache ccache;
krb5_get_init_creds_opt *opts = NULL;
@@ -84,23 +84,27 @@ int main(int argc, char *argv[])
com_err(argv[0], ret, "parsing client name");
exit(1);
}
- } else if ((ret = krb5_cc_default(context, &ccache)) != KRB5_CC_NOTFOUND) {
- if (ret) {
+ } else {
+ ret = krb5_cc_default(context, &ccache);
+ if (ret != 0) {
com_err(argv[0], ret, "opening default ccache");
exit(1);
}
- if ((ret = krb5_cc_get_principal(context, ccache, &princ))) {
+ ret = krb5_cc_get_principal(context, ccache, &princ);
+ if (ret != 0 && ret != KRB5_CC_NOTFOUND && ret != KRB5_FCC_NOFILE) {
com_err(argv[0], ret, "getting principal from ccache");
exit(1);
}
- if ((ret = krb5_cc_close(context, ccache))) {
+ ret = krb5_cc_close(context, ccache);
+ if (ret != 0) {
com_err(argv[0], ret, "closing ccache");
exit(1);
}
- } else {
- get_name_from_passwd_file(argv[0], context, &princ);
+
+ if (princ == NULL)
+ get_name_from_passwd_file(argv[0], context, &princ);
}
if ((ret = krb5_get_init_creds_opt_alloc(context, &opts))) {
Index: src/config-files/krb5.conf.M
===================================================================
--- src/config-files/krb5.conf.M.orig
+++ src/config-files/krb5.conf.M
@@ -220,6 +220,10 @@ If this flag is set, then an attempt to
fail if the client machine does not have a keytab. The default for the
flag is false.
+.IP ticket_lifetime
+The value of this tag is the default lifetime for initial tickets. The
+default value for the tag is 1 day (1d).
+
.IP renew_lifetime
The value of this tag is the default renewable lifetime for initial
tickets. The default value for the tag is 0.
Index: src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- src/lib/gssapi/spnego/spnego_mech.c.orig
+++ src/lib/gssapi/spnego/spnego_mech.c
@@ -1687,6 +1687,7 @@ cleanup:
if (sc->internal_name != GSS_C_NO_NAME &&
src_name != NULL) {
*src_name = sc->internal_name;
+ sc->internal_name = GSS_C_NO_NAME;
}
release_spnego_ctx(&sc);
} else if (ret != GSS_S_CONTINUE_NEEDED) {
@@ -2572,6 +2573,8 @@ release_spnego_ctx(spnego_gss_ctx_id_t *
(void) generic_gss_release_oid(&minor_stat,
&context->internal_mech);
+ (void) gss_release_name(&minor_stat, &context->internal_name);
+
if (context->optionStr != NULL) {
free(context->optionStr);
context->optionStr = NULL;
Index: src/lib/kadm5/srv/svr_principal.c
===================================================================
--- src/lib/kadm5/srv/svr_principal.c.orig
+++ src/lib/kadm5/srv/svr_principal.c
@@ -858,8 +858,8 @@ kadm5_get_principal(void *server_handle,
if (! (mask & KADM5_MOD_TIME))
entry->mod_date = 0;
if (! (mask & KADM5_MOD_NAME)) {
- krb5_free_principal(handle->context, entry->principal);
- entry->principal = NULL;
+ krb5_free_principal(handle->context, entry->mod_name);
+ entry->mod_name = NULL;
}
}
@@ -871,10 +871,12 @@ kadm5_get_principal(void *server_handle,
if (kdb.key_data[i].key_data_kvno > entry->kvno)
entry->kvno = kdb.key_data[i].key_data_kvno;
- ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist,
- &entry->mkvno);
- if (ret)
- goto done;
+ if (mask & KADM5_MKVNO) {
+ ret = krb5_dbe_get_mkvno(handle->context, &kdb, master_keylist,
+ &entry->mkvno);
+ if (ret)
+ goto done;
+ }
if (mask & KADM5_MAX_RLIFE)
entry->max_renewable_life = kdb.max_renewable_life;
Index: src/lib/krb5/os/changepw.c
===================================================================
--- src/lib/krb5/os/changepw.c.orig
+++ src/lib/krb5/os/changepw.c
@@ -65,20 +65,23 @@ locate_kpasswd(krb5_context context, con
int sockType = (useTcp ? SOCK_STREAM : SOCK_DGRAM);
code = krb5int_locate_server (context, realm, addrlist,
- locate_service_kpasswd, sockType, AF_INET);
+ locate_service_kpasswd, sockType, AF_UNSPEC);
if (code == KRB5_REALM_CANT_RESOLVE || code == KRB5_REALM_UNKNOWN) {
code = krb5int_locate_server (context, realm, addrlist,
locate_service_kadmin, SOCK_STREAM,
- AF_INET);
+ AF_UNSPEC);
if (!code) {
/* Success with admin_server but now we need to change the
port number to use DEFAULT_KPASSWD_PORT and the socktype. */
size_t i;
for (i=0; i<addrlist->naddrs; i++) {
struct addrinfo *a = addrlist->addrs[i].ai;
+ krb5_ui_2 kpasswd_port = htons(DEFAULT_KPASSWD_PORT);
if (a->ai_family == AF_INET)
- sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
+ sa2sin (a->ai_addr)->sin_port = kpasswd_port;
+ if (a->ai_family == AF_INET6)
+ sa2sin6 (a->ai_addr)->sin6_port = kpasswd_port;
if (sockType != SOCK_STREAM)
a->ai_socktype = sockType;
}
@@ -131,10 +134,16 @@ kpasswd_sendto_msg_callback(struct conn_
/* some brain-dead OS's don't return useful information from
* the getsockname call. Namely, windows and solaris. */
- if (ss2sin(&local_addr)->sin_addr.s_addr != 0) {
+ if (local_addr.ss_family == AF_INET &&
+ ss2sin(&local_addr)->sin_addr.s_addr != 0) {
local_kaddr.addrtype = ADDRTYPE_INET;
local_kaddr.length = sizeof(ss2sin(&local_addr)->sin_addr);
local_kaddr.contents = (krb5_octet *) &ss2sin(&local_addr)->sin_addr;
+ } else if (local_addr.ss_family == AF_INET6 &&
+ ss2sin6(&local_addr)->sin6_addr.s6_addr != 0) {
+ local_kaddr.addrtype = ADDRTYPE_INET6;
+ local_kaddr.length = sizeof(ss2sin6(&local_addr)->sin6_addr);
+ local_kaddr.contents = (krb5_octet *) &ss2sin6(&local_addr)->sin6_addr;
} else {
krb5_address **addrs;
@@ -290,9 +299,19 @@ change_set_password(krb5_context context
break;
}
- remote_kaddr.addrtype = ADDRTYPE_INET;
- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
+ if (remote_addr.ss_family == AF_INET) {
+ remote_kaddr.addrtype = ADDRTYPE_INET;
+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
+ remote_kaddr.contents =
+ (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
+ } else if (remote_addr.ss_family == AF_INET6) {
+ remote_kaddr.addrtype = ADDRTYPE_INET6;
+ remote_kaddr.length = sizeof(ss2sin6(&remote_addr)->sin6_addr);
+ remote_kaddr.contents =
+ (krb5_octet *) &ss2sin6(&remote_addr)->sin6_addr;
+ } else {
+ break;
+ }
if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
callback_ctx.auth_context,
Index: src/lib/krb5/krb/gic_pwd.c
===================================================================
--- src/lib/krb5/krb/gic_pwd.c.orig
+++ src/lib/krb5/krb/gic_pwd.c
@@ -218,7 +218,7 @@ krb5_get_init_creds_password(krb5_contex
* to prompt. Prompting is only disabled if the option has been set
* and the value has been set to false.
*/
- if (!(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
+ if (options && !(options->flags & KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT))
goto cleanup;
/* ok, we have an expired password. Give the user a few chances

0
krb5-1.8.1-rpmlintrc → krb5-1.8-rpmlintrc
View File

3
krb5-1.8.1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:215e71364b4ac6e49cfb2629a109a2f473845d68643859eccc038834de1f4746
size 9960127

3
krb5-1.8.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:10890ef19905e36e99d82cbe7caa6e8b0875b2a304f9a9e2d05137c87aff8212
size 9958816

0
krb5-doc-1.8.1-rpmlintrc → krb5-doc-1.8-rpmlintrc
View File

5
krb5-doc.changes
View File

@ -1,8 +1,3 @@
-------------------------------------------------------------------
Fri Apr 9 12:45:30 CEST 2010 - mc@suse.de
- update to version 1.8.1
-------------------------------------------------------------------
Tue Mar 23 12:38:29 CET 2010 - mc@suse.de

10
krb5-doc.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5-doc (Version 1.8.1)
# spec file for package krb5-doc (Version 1.8)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -20,17 +20,18 @@
Name: krb5-doc
BuildRequires: ghostscript-library latex2html texlive
Version: 1.8.1
Version: 1.8
Release: 2
%define srcRoot krb5-1.8.1
%define srcRoot krb5-1.8
Summary: MIT Kerberos5 Implementation--Documentation
License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/
Group: Documentation/Other
Source: krb5-1.8.1.tar.bz2
Source: krb5-1.8.tar.bz2
Source3: %{name}-%{version}-rpmlintrc
Patch0: krb5-1.3.5-perlfix.dif
Patch1: krb5-1.6.3-texi2dvi-fix.dif
Patch2: krb5-1.8-POST.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
BuildArch: noarch
@ -53,6 +54,7 @@ Authors:
%setup -n %{srcRoot}
%patch0
%patch1
%patch2
%build

12
krb5-mini.changes
View File

@ -1,15 +1,3 @@
-------------------------------------------------------------------
Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de
- update to version 1.8.1
* include krb5-1.8-POST.dif
* include MITKRB5-SA-2010-002
-------------------------------------------------------------------
Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de
- update krb5-1.8-POST.dif
-------------------------------------------------------------------
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de

12
krb5-mini.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5 (Version 1.8.1)
# spec file for package krb5-mini (Version 1.8)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -18,7 +18,7 @@
# norootforbuild
%define build_mini 1
%define srcRoot krb5-1.8.1
%define srcRoot krb5-1.8
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
@ -27,7 +27,7 @@ License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel
Version: 1.8.1
Version: 1.8
Release: 2
%if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel
@ -42,7 +42,7 @@ Group: Productivity/Networking/Security
Summary: MIT Kerberos5 Implementation--Libraries
Group: Productivity/Networking/Security
%endif
Source: krb5-1.8.1.tar.bz2
Source: krb5-1.8.tar.bz2
Source1: vendor-files.tar.bz2
Source2: baselibs.conf
Source5: krb5-%{version}-rpmlintrc
@ -55,6 +55,8 @@ Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch41: krb5-1.6.3-kpasswd_tcp.patch
Patch44: krb5-1.6.3-ktutil-manpage.dif
Patch46: krb5-1.6.3-fix-ipv6-query.dif
Patch47: krb5-1.7-MITKRB5-SA-2010-002.dif
Patch50: krb5-1.8-POST.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -202,6 +204,8 @@ Authors:
%patch41
%patch44 -p1
%patch46 -p1
%patch47
%patch50
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do

12
krb5.changes
View File

@ -1,15 +1,3 @@
-------------------------------------------------------------------
Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de
- update to version 1.8.1
* include krb5-1.8-POST.dif
* include MITKRB5-SA-2010-002
-------------------------------------------------------------------
Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de
- update krb5-1.8-POST.dif
-------------------------------------------------------------------
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de

12
krb5.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5 (Version 1.8.1)
# spec file for package krb5 (Version 1.8)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -18,7 +18,7 @@
# norootforbuild
%define build_mini 0
%define srcRoot krb5-1.8.1
%define srcRoot krb5-1.8
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
@ -27,7 +27,7 @@ License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel
Version: 1.8.1
Version: 1.8
Release: 2
%if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel
@ -42,7 +42,7 @@ Group: Productivity/Networking/Security
Summary: MIT Kerberos5 Implementation--Libraries
Group: Productivity/Networking/Security
%endif
Source: krb5-1.8.1.tar.bz2
Source: krb5-1.8.tar.bz2
Source1: vendor-files.tar.bz2
Source2: baselibs.conf
Source5: krb5-%{version}-rpmlintrc
@ -55,6 +55,8 @@ Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch41: krb5-1.6.3-kpasswd_tcp.patch
Patch44: krb5-1.6.3-ktutil-manpage.dif
Patch46: krb5-1.6.3-fix-ipv6-query.dif
Patch47: krb5-1.7-MITKRB5-SA-2010-002.dif
Patch50: krb5-1.8-POST.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -202,6 +204,8 @@ Authors:
%patch41
%patch44 -p1
%patch46 -p1
%patch47
%patch50
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do