Accepting request 674895 from network
OBS-URL: https://build.opensuse.org/request/show/674895 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=138
This commit is contained in:
commit
9cfbbfdef3
@ -1,3 +1,10 @@
|
|||||||
|
From 333d843912825435da5c3e62807efb6753946be1 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:05:56 +0100
|
||||||
|
Subject: [PATCH 1/9] krb5-1.12-pam
|
||||||
|
|
||||||
|
Import krb5-1.12-pam.patch
|
||||||
|
|
||||||
Modify ksu so that it performs account and session management on behalf of
|
Modify ksu so that it performs account and session management on behalf of
|
||||||
the target user account, mimicking the action of regular su. The default
|
the target user account, mimicking the action of regular su. The default
|
||||||
service name is "ksu", because on Fedora at least the configuration used
|
service name is "ksu", because on Fedora at least the configuration used
|
||||||
@ -10,10 +17,22 @@ When enabled, ksu gains a dependency on libpam.
|
|||||||
|
|
||||||
Originally RT#5939, though it's changed since then to perform the account
|
Originally RT#5939, though it's changed since then to perform the account
|
||||||
and session management before dropping privileges.
|
and session management before dropping privileges.
|
||||||
|
---
|
||||||
|
src/aclocal.m4 | 67 +++++++
|
||||||
|
src/clients/ksu/Makefile.in | 8 +-
|
||||||
|
src/clients/ksu/main.c | 94 ++++++++-
|
||||||
|
src/clients/ksu/pam.c | 389 ++++++++++++++++++++++++++++++++++++
|
||||||
|
src/clients/ksu/pam.h | 57 ++++++
|
||||||
|
src/configure.in | 2 +
|
||||||
|
6 files changed, 614 insertions(+), 3 deletions(-)
|
||||||
|
create mode 100644 src/clients/ksu/pam.c
|
||||||
|
create mode 100644 src/clients/ksu/pam.h
|
||||||
|
|
||||||
--- krb5-1.13.orig/src/aclocal.m4
|
diff --git a/src/aclocal.m4 b/src/aclocal.m4
|
||||||
+++ krb5-1.13/src/aclocal.m4
|
index 3752d9bd5..340546d80 100644
|
||||||
@@ -1671,3 +1671,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[
|
--- a/src/aclocal.m4
|
||||||
|
+++ b/src/aclocal.m4
|
||||||
|
@@ -1697,3 +1697,70 @@ AC_DEFUN(KRB5_AC_PERSISTENT_KEYRING,[
|
||||||
]))
|
]))
|
||||||
])dnl
|
])dnl
|
||||||
dnl
|
dnl
|
||||||
@ -84,8 +103,48 @@ and session management before dropping privileges.
|
|||||||
+AC_SUBST(PAM_MAN)
|
+AC_SUBST(PAM_MAN)
|
||||||
+AC_SUBST(NON_PAM_MAN)
|
+AC_SUBST(NON_PAM_MAN)
|
||||||
+])dnl
|
+])dnl
|
||||||
--- krb5-1.13.orig/src/clients/ksu/main.c
|
diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
|
||||||
+++ krb5-1.13/src/clients/ksu/main.c
|
index b2fcbf240..5755bb58a 100644
|
||||||
|
--- a/src/clients/ksu/Makefile.in
|
||||||
|
+++ b/src/clients/ksu/Makefile.in
|
||||||
|
@@ -3,12 +3,14 @@ BUILDTOP=$(REL)..$(S)..
|
||||||
|
DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
|
||||||
|
|
||||||
|
KSU_LIBS=@KSU_LIBS@
|
||||||
|
+PAM_LIBS=@PAM_LIBS@
|
||||||
|
|
||||||
|
SRCS = \
|
||||||
|
$(srcdir)/krb_auth_su.c \
|
||||||
|
$(srcdir)/ccache.c \
|
||||||
|
$(srcdir)/authorization.c \
|
||||||
|
$(srcdir)/main.c \
|
||||||
|
+ $(srcdir)/pam.c \
|
||||||
|
$(srcdir)/heuristic.c \
|
||||||
|
$(srcdir)/xmalloc.c \
|
||||||
|
$(srcdir)/setenv.c
|
||||||
|
@@ -17,13 +19,17 @@ OBJS = \
|
||||||
|
ccache.o \
|
||||||
|
authorization.o \
|
||||||
|
main.o \
|
||||||
|
+ pam.o \
|
||||||
|
heuristic.o \
|
||||||
|
xmalloc.o @SETENVOBJ@
|
||||||
|
|
||||||
|
all: ksu
|
||||||
|
|
||||||
|
ksu: $(OBJS) $(KRB5_BASE_DEPLIBS)
|
||||||
|
- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS)
|
||||||
|
+ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS)
|
||||||
|
+
|
||||||
|
+pam.o: pam.c
|
||||||
|
+ $(CC) $(ALL_CFLAGS) -c $<
|
||||||
|
|
||||||
|
clean:
|
||||||
|
$(RM) ksu
|
||||||
|
diff --git a/src/clients/ksu/main.c b/src/clients/ksu/main.c
|
||||||
|
index d9596d948..7a0c7e48b 100644
|
||||||
|
--- a/src/clients/ksu/main.c
|
||||||
|
+++ b/src/clients/ksu/main.c
|
||||||
@@ -26,6 +26,7 @@
|
@@ -26,6 +26,7 @@
|
||||||
* KSU was writen by: Ari Medvinsky, ari@isi.edu
|
* KSU was writen by: Ari Medvinsky, ari@isi.edu
|
||||||
*/
|
*/
|
||||||
@ -113,7 +172,7 @@ and session management before dropping privileges.
|
|||||||
/***********/
|
/***********/
|
||||||
|
|
||||||
#define KS_TEMPORARY_CACHE "MEMORY:_ksu"
|
#define KS_TEMPORARY_CACHE "MEMORY:_ksu"
|
||||||
@@ -519,6 +525,25 @@ main (argc, argv)
|
@@ -528,6 +534,25 @@ main (argc, argv)
|
||||||
prog_name,target_user,client_name,
|
prog_name,target_user,client_name,
|
||||||
source_user,ontty());
|
source_user,ontty());
|
||||||
|
|
||||||
@ -139,7 +198,7 @@ and session management before dropping privileges.
|
|||||||
/* Run authorization as target.*/
|
/* Run authorization as target.*/
|
||||||
if (krb5_seteuid(target_uid)) {
|
if (krb5_seteuid(target_uid)) {
|
||||||
com_err(prog_name, errno, _("while switching to target for "
|
com_err(prog_name, errno, _("while switching to target for "
|
||||||
@@ -587,6 +612,26 @@ main (argc, argv)
|
@@ -596,6 +621,26 @@ main (argc, argv)
|
||||||
com_err(prog_name,retval, _("while calling cc_filter"));
|
com_err(prog_name,retval, _("while calling cc_filter"));
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
@ -166,7 +225,7 @@ and session management before dropping privileges.
|
|||||||
}
|
}
|
||||||
|
|
||||||
if (all_rest_copy){
|
if (all_rest_copy){
|
||||||
@@ -636,6 +681,32 @@ main (argc, argv)
|
@@ -645,6 +690,32 @@ main (argc, argv)
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -199,7 +258,7 @@ and session management before dropping privileges.
|
|||||||
/* set permissions */
|
/* set permissions */
|
||||||
if (setgid(target_pwd->pw_gid) < 0) {
|
if (setgid(target_pwd->pw_gid) < 0) {
|
||||||
perror("ksu: setgid");
|
perror("ksu: setgid");
|
||||||
@@ -733,7 +804,7 @@ main (argc, argv)
|
@@ -742,7 +813,7 @@ main (argc, argv)
|
||||||
fprintf(stderr, "program to be execed %s\n",params[0]);
|
fprintf(stderr, "program to be execed %s\n",params[0]);
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -208,7 +267,7 @@ and session management before dropping privileges.
|
|||||||
execv(params[0], params);
|
execv(params[0], params);
|
||||||
com_err(prog_name, errno, _("while trying to execv %s"), params[0]);
|
com_err(prog_name, errno, _("while trying to execv %s"), params[0]);
|
||||||
sweep_up(ksu_context, cc_target);
|
sweep_up(ksu_context, cc_target);
|
||||||
@@ -763,16 +834,35 @@ main (argc, argv)
|
@@ -772,16 +843,35 @@ main (argc, argv)
|
||||||
if (ret_pid == -1) {
|
if (ret_pid == -1) {
|
||||||
com_err(prog_name, errno, _("while calling waitpid"));
|
com_err(prog_name, errno, _("while calling waitpid"));
|
||||||
}
|
}
|
||||||
@ -245,44 +304,11 @@ and session management before dropping privileges.
|
|||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
--- krb5-1.15.orig/src/clients/ksu/Makefile.in 2016-12-01 23:31:24.000000000 +0100
|
diff --git a/src/clients/ksu/pam.c b/src/clients/ksu/pam.c
|
||||||
+++ krb5-1.15/src/clients/ksu/Makefile.in 2016-12-03 16:08:50.583613246 +0100
|
new file mode 100644
|
||||||
@@ -3,12 +3,14 @@
|
index 000000000..cbfe48704
|
||||||
DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
|
|
||||||
|
|
||||||
KSU_LIBS=@KSU_LIBS@
|
|
||||||
+PAM_LIBS=@PAM_LIBS@
|
|
||||||
|
|
||||||
SRCS = \
|
|
||||||
$(srcdir)/krb_auth_su.c \
|
|
||||||
$(srcdir)/ccache.c \
|
|
||||||
$(srcdir)/authorization.c \
|
|
||||||
$(srcdir)/main.c \
|
|
||||||
+ $(srcdir)/pam.c \
|
|
||||||
$(srcdir)/heuristic.c \
|
|
||||||
$(srcdir)/xmalloc.c \
|
|
||||||
$(srcdir)/setenv.c
|
|
||||||
@@ -17,13 +19,17 @@
|
|
||||||
ccache.o \
|
|
||||||
authorization.o \
|
|
||||||
main.o \
|
|
||||||
+ pam.o \
|
|
||||||
heuristic.o \
|
|
||||||
xmalloc.o @SETENVOBJ@
|
|
||||||
|
|
||||||
all: ksu
|
|
||||||
|
|
||||||
ksu: $(OBJS) $(KRB5_BASE_DEPLIBS)
|
|
||||||
- $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS)
|
|
||||||
+ $(CC_LINK) -o $@ $(OBJS) $(KRB5_BASE_LIBS) $(KSU_LIBS) $(PAM_LIBS)
|
|
||||||
+
|
|
||||||
+pam.o: pam.c
|
|
||||||
+ $(CC) $(ALL_CFLAGS) -c $<
|
|
||||||
|
|
||||||
clean:
|
|
||||||
$(RM) ksu
|
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.13/src/clients/ksu/pam.c
|
+++ b/src/clients/ksu/pam.c
|
||||||
@@ -0,0 +1,389 @@
|
@@ -0,0 +1,389 @@
|
||||||
+/*
|
+/*
|
||||||
+ * src/clients/ksu/pam.c
|
+ * src/clients/ksu/pam.c
|
||||||
@ -673,8 +699,11 @@ and session management before dropping privileges.
|
|||||||
+ return ret;
|
+ return ret;
|
||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
|
diff --git a/src/clients/ksu/pam.h b/src/clients/ksu/pam.h
|
||||||
|
new file mode 100644
|
||||||
|
index 000000000..0ab76569c
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.13/src/clients/ksu/pam.h
|
+++ b/src/clients/ksu/pam.h
|
||||||
@@ -0,0 +1,57 @@
|
@@ -0,0 +1,57 @@
|
||||||
+/*
|
+/*
|
||||||
+ * src/clients/ksu/pam.h
|
+ * src/clients/ksu/pam.h
|
||||||
@ -733,9 +762,11 @@ and session management before dropping privileges.
|
|||||||
+int appl_pam_cred_init(void);
|
+int appl_pam_cred_init(void);
|
||||||
+void appl_pam_cleanup(void);
|
+void appl_pam_cleanup(void);
|
||||||
+#endif
|
+#endif
|
||||||
--- krb5-1.13.orig/src/configure.in
|
diff --git a/src/configure.in b/src/configure.in
|
||||||
+++ krb5-1.13/src/configure.in
|
index 61ef738dc..e9a12ac16 100644
|
||||||
@@ -1285,6 +1285,8 @@ AC_SUBST([VERTO_VERSION])
|
--- a/src/configure.in
|
||||||
|
+++ b/src/configure.in
|
||||||
|
@@ -1352,6 +1352,8 @@ AC_SUBST([VERTO_VERSION])
|
||||||
|
|
||||||
AC_PATH_PROG(GROFF, groff)
|
AC_PATH_PROG(GROFF, groff)
|
||||||
|
|
||||||
@ -744,3 +775,6 @@ and session management before dropping privileges.
|
|||||||
# Make localedir work in autoconf 2.5x.
|
# Make localedir work in autoconf 2.5x.
|
||||||
if test "${localedir+set}" != set; then
|
if test "${localedir+set}" != set; then
|
||||||
localedir='$(datadir)/locale'
|
localedir='$(datadir)/locale'
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
31
0002-krb5-1.9-manpaths.patch
Normal file
31
0002-krb5-1.9-manpaths.patch
Normal file
@ -0,0 +1,31 @@
|
|||||||
|
From 84aceebf6f76934c5d8fa11b0f7cd662542c286a Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:06:55 +0100
|
||||||
|
Subject: [PATCH 2/9] krb5-1.9-manpaths
|
||||||
|
|
||||||
|
Import krb5-1.9-manpaths.dif
|
||||||
|
|
||||||
|
Change the absolute paths included in the man pages so that the correct
|
||||||
|
values can be dropped in by config.status. After applying this patch,
|
||||||
|
these files should be renamed to their ".in" counterparts, and then the
|
||||||
|
configure scripts should be rebuilt. Originally RT#6525
|
||||||
|
---
|
||||||
|
src/man/kpropd.man | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/man/kpropd.man b/src/man/kpropd.man
|
||||||
|
index 38daa5e79..a0106ec5f 100644
|
||||||
|
--- a/src/man/kpropd.man
|
||||||
|
+++ b/src/man/kpropd.man
|
||||||
|
@@ -67,7 +67,7 @@ the \fB/etc/inetd.conf\fP file which looks like this:
|
||||||
|
.sp
|
||||||
|
.nf
|
||||||
|
.ft C
|
||||||
|
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
||||||
|
+kprop stream tcp nowait root @SBINDIR@/kpropd kpropd
|
||||||
|
.ft P
|
||||||
|
.fi
|
||||||
|
.UNINDENT
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
@ -1,33 +1,26 @@
|
|||||||
|
From a04d1b609e0ca89d1ad93faeeafa5b3202cca4df Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:08:07 +0100
|
||||||
|
Subject: [PATCH 3/9] krb5-1.12-buildconf
|
||||||
|
|
||||||
|
Import krb5-1.12-buildconf.patch
|
||||||
|
|
||||||
Build binaries in this package as RELRO PIEs, libraries as partial RELRO,
|
Build binaries in this package as RELRO PIEs, libraries as partial RELRO,
|
||||||
and install shared libraries with the execute bit set on them. Prune out
|
and install shared libraries with the execute bit set on them. Prune out
|
||||||
the -L/usr/lib* and PIE flags where they might leak out and affect
|
the -L/usr/lib* and PIE flags where they might leak out and affect
|
||||||
apps which just want to link with the libraries. FIXME: needs to check and
|
apps which just want to link with the libraries. FIXME: needs to check and
|
||||||
not just assume that the compiler supports using these flags.
|
not just assume that the compiler supports using these flags.
|
||||||
|
---
|
||||||
|
src/build-tools/krb5-config.in | 7 +++++++
|
||||||
|
src/config/pre.in | 2 +-
|
||||||
|
src/config/shlib.conf | 5 +++--
|
||||||
|
3 files changed, 11 insertions(+), 3 deletions(-)
|
||||||
|
|
||||||
--- krb5-1.15.orig/src/config/shlib.conf 2016-12-01 23:31:24.000000000 +0100
|
diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
|
||||||
+++ krb5-1.15/src/config/shlib.conf 2016-12-03 16:58:48.378478508 +0100
|
index f6184da3f..0edf6a1a5 100755
|
||||||
@@ -423,7 +423,7 @@
|
--- a/src/build-tools/krb5-config.in
|
||||||
# Linux ld doesn't default to stuffing the SONAME field...
|
+++ b/src/build-tools/krb5-config.in
|
||||||
# Use objdump -x to examine the fields of the library
|
@@ -225,6 +225,13 @@ if test -n "$do_libs"; then
|
||||||
# UNDEF_CHECK is suppressed by --enable-asan
|
|
||||||
- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)'
|
|
||||||
+ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro'
|
|
||||||
UNDEF_CHECK='-Wl,--no-undefined'
|
|
||||||
# $(EXPORT_CHECK) runs export-check.pl when in maintainer mode.
|
|
||||||
LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)'
|
|
||||||
@@ -435,7 +435,8 @@
|
|
||||||
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
|
|
||||||
PROFFLAGS=-pg
|
|
||||||
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
|
|
||||||
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
|
|
||||||
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'
|
|
||||||
+ INSTALL_SHLIB='${INSTALL} -m755'
|
|
||||||
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
|
|
||||||
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
|
|
||||||
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
|
|
||||||
--- krb5/src/build-tools/krb5-config.in
|
|
||||||
+++ krb5/src/build-tools/krb5-config.in
|
|
||||||
@@ -189,6 +189,13 @@ if test -n "$do_libs"; then
|
|
||||||
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
|
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
|
||||||
-e 's#\$(CFLAGS)##'`
|
-e 's#\$(CFLAGS)##'`
|
||||||
|
|
||||||
@ -41,9 +34,11 @@ not just assume that the compiler supports using these flags.
|
|||||||
if test $library = 'kdb'; then
|
if test $library = 'kdb'; then
|
||||||
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
|
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
|
||||||
library=krb5
|
library=krb5
|
||||||
--- krb5/src/config/pre.in
|
diff --git a/src/config/pre.in b/src/config/pre.in
|
||||||
+++ krb5/src/config/pre.in
|
index ce87e21ca..164bf8301 100644
|
||||||
@@ -188,7 +188,7 @@
|
--- a/src/config/pre.in
|
||||||
|
+++ b/src/config/pre.in
|
||||||
|
@@ -184,7 +184,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
|
||||||
INSTALL_SCRIPT=@INSTALL_PROGRAM@
|
INSTALL_SCRIPT=@INSTALL_PROGRAM@
|
||||||
INSTALL_DATA=@INSTALL_DATA@
|
INSTALL_DATA=@INSTALL_DATA@
|
||||||
INSTALL_SHLIB=@INSTALL_SHLIB@
|
INSTALL_SHLIB=@INSTALL_SHLIB@
|
||||||
@ -52,3 +47,29 @@ not just assume that the compiler supports using these flags.
|
|||||||
## This is needed because autoconf will sometimes define @exec_prefix@ to be
|
## This is needed because autoconf will sometimes define @exec_prefix@ to be
|
||||||
## ${prefix}.
|
## ${prefix}.
|
||||||
prefix=@prefix@
|
prefix=@prefix@
|
||||||
|
diff --git a/src/config/shlib.conf b/src/config/shlib.conf
|
||||||
|
index 3e4af6c02..a43736137 100644
|
||||||
|
--- a/src/config/shlib.conf
|
||||||
|
+++ b/src/config/shlib.conf
|
||||||
|
@@ -423,7 +423,7 @@ mips-*-netbsd*)
|
||||||
|
# Linux ld doesn't default to stuffing the SONAME field...
|
||||||
|
# Use objdump -x to examine the fields of the library
|
||||||
|
# UNDEF_CHECK is suppressed by --enable-asan
|
||||||
|
- LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)'
|
||||||
|
+ LDCOMBINE='$(CC) -shared -fPIC -Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro'
|
||||||
|
UNDEF_CHECK='-Wl,--no-undefined'
|
||||||
|
# $(EXPORT_CHECK) runs export-check.pl when in maintainer mode.
|
||||||
|
LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)'
|
||||||
|
@@ -435,7 +435,8 @@ mips-*-netbsd*)
|
||||||
|
SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
|
||||||
|
PROFFLAGS=-pg
|
||||||
|
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
|
||||||
|
- CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) $(LDFLAGS)'
|
||||||
|
+ CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) -pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'
|
||||||
|
+ INSTALL_SHLIB='${INSTALL} -m755'
|
||||||
|
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
|
||||||
|
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
|
||||||
|
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
26
0004-krb5-1.6.3-gssapi_improve_errormessages.patch
Normal file
26
0004-krb5-1.6.3-gssapi_improve_errormessages.patch
Normal file
@ -0,0 +1,26 @@
|
|||||||
|
From 3cdd9863a1a7a9a004f3d75e32136bb0be26a32b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:09:05 +0100
|
||||||
|
Subject: [PATCH 4/9] krb5-1.6.3-gssapi_improve_errormessages
|
||||||
|
|
||||||
|
Import krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||||
|
---
|
||||||
|
src/lib/gssapi/generic/disp_com_err_status.c | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/lib/gssapi/generic/disp_com_err_status.c b/src/lib/gssapi/generic/disp_com_err_status.c
|
||||||
|
index bc416107e..22612f970 100644
|
||||||
|
--- a/src/lib/gssapi/generic/disp_com_err_status.c
|
||||||
|
+++ b/src/lib/gssapi/generic/disp_com_err_status.c
|
||||||
|
@@ -52,7 +52,7 @@ g_display_com_err_status(OM_uint32 *minor_status, OM_uint32 status_value,
|
||||||
|
status_string->value = NULL;
|
||||||
|
|
||||||
|
if (! g_make_string_buffer(((status_value == 0)?no_error:
|
||||||
|
- error_message(status_value)),
|
||||||
|
+ error_message((long)status_value)),
|
||||||
|
status_string)) {
|
||||||
|
*minor_status = ENOMEM;
|
||||||
|
return(GSS_S_FAILURE);
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
36
0005-krb5-1.6.3-ktutil-manpage.patch
Normal file
36
0005-krb5-1.6.3-ktutil-manpage.patch
Normal file
@ -0,0 +1,36 @@
|
|||||||
|
From af0fe879800e72101b6d306c1b510880aec7cdaa Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:14:47 +0100
|
||||||
|
Subject: [PATCH 5/9] krb5-1.6.3-ktutil-manpage
|
||||||
|
|
||||||
|
Import krb5-1.6.3-ktutil-manpage.dif
|
||||||
|
---
|
||||||
|
src/man/ktutil.man | 12 ++++++++++++
|
||||||
|
1 file changed, 12 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/man/ktutil.man b/src/man/ktutil.man
|
||||||
|
index 4e174c0fe..f6d6ae814 100644
|
||||||
|
--- a/src/man/ktutil.man
|
||||||
|
+++ b/src/man/ktutil.man
|
||||||
|
@@ -171,6 +171,18 @@ ktutil:
|
||||||
|
.sp
|
||||||
|
See kerberos(7) for a description of Kerberos environment
|
||||||
|
variables.
|
||||||
|
+.SH REMARKS
|
||||||
|
+Changes to the keytab are appended to the keytab file (i.e., the keytab file
|
||||||
|
+is never overwritten). To directly modify a keytab, save the changes to a
|
||||||
|
+temporary file and then overwrite the keytab file of interest.
|
||||||
|
+.TP
|
||||||
|
+.nf
|
||||||
|
+Example:
|
||||||
|
+ktutil> rkt /etc/krb5.keytab
|
||||||
|
+(modifications to keytab)
|
||||||
|
+ktutil> wkt /tmp/krb5.newtab
|
||||||
|
+ktutil> q
|
||||||
|
+# mv /tmp/krb5.newtab /etc/krb5.keytab
|
||||||
|
.SH SEE ALSO
|
||||||
|
.sp
|
||||||
|
kadmin(1), kdb5_util(8), kerberos(7)
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
@ -1,10 +1,22 @@
|
|||||||
|
From 70039109cc843f4958e89fd674d098c7c89affa8 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:15:50 +0100
|
||||||
|
Subject: [PATCH 6/9] krb5-1.12-api
|
||||||
|
|
||||||
|
Import krb5-1.12-api.patch
|
||||||
|
|
||||||
Reference docs don't define what happens if you call krb5_realm_compare() with
|
Reference docs don't define what happens if you call krb5_realm_compare() with
|
||||||
malformed krb5_principal structures. Define a behavior which keeps it from
|
malformed krb5_principal structures. Define a behavior which keeps it from
|
||||||
crashing if applications don't check ahead of time.
|
crashing if applications don't check ahead of time.
|
||||||
|
---
|
||||||
|
src/lib/krb5/krb/princ_comp.c | 7 +++++++
|
||||||
|
1 file changed, 7 insertions(+)
|
||||||
|
|
||||||
--- krb5/src/lib/krb5/krb/princ_comp.c
|
diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
|
||||||
+++ krb5/src/lib/krb5/krb/princ_comp.c
|
index a6936107d..0ed78833b 100644
|
||||||
@@ -41,6 +41,10 @@ realm_compare_flags(krb5_context context
|
--- a/src/lib/krb5/krb/princ_comp.c
|
||||||
|
+++ b/src/lib/krb5/krb/princ_comp.c
|
||||||
|
@@ -36,6 +36,10 @@ realm_compare_flags(krb5_context context,
|
||||||
const krb5_data *realm1 = &princ1->realm;
|
const krb5_data *realm1 = &princ1->realm;
|
||||||
const krb5_data *realm2 = &princ2->realm;
|
const krb5_data *realm2 = &princ2->realm;
|
||||||
|
|
||||||
@ -15,7 +27,7 @@ crashing if applications don't check ahead of time.
|
|||||||
if (realm1->length != realm2->length)
|
if (realm1->length != realm2->length)
|
||||||
return FALSE;
|
return FALSE;
|
||||||
if (realm1->length == 0)
|
if (realm1->length == 0)
|
||||||
@@ -92,6 +98,9 @@ krb5_principal_compare_flags(krb5_contex
|
@@ -88,6 +92,9 @@ krb5_principal_compare_flags(krb5_context context,
|
||||||
krb5_principal upn2 = NULL;
|
krb5_principal upn2 = NULL;
|
||||||
krb5_boolean ret = FALSE;
|
krb5_boolean ret = FALSE;
|
||||||
|
|
||||||
@ -25,3 +37,6 @@ crashing if applications don't check ahead of time.
|
|||||||
if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
|
if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
|
||||||
/* Treat UPNs as if they were real principals */
|
/* Treat UPNs as if they were real principals */
|
||||||
if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
|
if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
27
0007-krb5-1.12-ksu-path.patch
Normal file
27
0007-krb5-1.12-ksu-path.patch
Normal file
@ -0,0 +1,27 @@
|
|||||||
|
From 2af2add95fdd3973437cd0ce5ca1794afb461227 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:16:29 +0100
|
||||||
|
Subject: [PATCH 7/9] krb5-1.12-ksu
|
||||||
|
|
||||||
|
Import krb5-1.12-ksu-path.patch
|
||||||
|
|
||||||
|
Set the default PATH to the one set by login.
|
||||||
|
---
|
||||||
|
src/clients/ksu/Makefile.in | 2 +-
|
||||||
|
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
|
||||||
|
index 5755bb58a..9d58f29b5 100644
|
||||||
|
--- a/src/clients/ksu/Makefile.in
|
||||||
|
+++ b/src/clients/ksu/Makefile.in
|
||||||
|
@@ -1,6 +1,6 @@
|
||||||
|
mydir=clients$(S)ksu
|
||||||
|
BUILDTOP=$(REL)..$(S)..
|
||||||
|
-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
|
||||||
|
+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
|
||||||
|
|
||||||
|
KSU_LIBS=@KSU_LIBS@
|
||||||
|
PAM_LIBS=@PAM_LIBS@
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
@ -1,3 +1,10 @@
|
|||||||
|
From e079ae26bbec6bce74e09a980d734fa886ee93b0 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:17:28 +0100
|
||||||
|
Subject: [PATCH 8/9] krb5-1.12-selinux-label
|
||||||
|
|
||||||
|
Import krb5-1.12-selinux-label.patch
|
||||||
|
|
||||||
SELinux bases access to files on the domain of the requesting process,
|
SELinux bases access to files on the domain of the requesting process,
|
||||||
the operation being performed, and the context applied to the file.
|
the operation being performed, and the context applied to the file.
|
||||||
|
|
||||||
@ -30,11 +37,39 @@ stomp all over us.
|
|||||||
The selabel APIs for looking up the context should be thread-safe (per
|
The selabel APIs for looking up the context should be thread-safe (per
|
||||||
Red Hat #273081), so switching to using them instead of matchpathcon(),
|
Red Hat #273081), so switching to using them instead of matchpathcon(),
|
||||||
which we used earlier, is some improvement.
|
which we used earlier, is some improvement.
|
||||||
|
---
|
||||||
|
src/aclocal.m4 | 49 +++
|
||||||
|
src/build-tools/krb5-config.in | 3 +-
|
||||||
|
src/config/pre.in | 3 +-
|
||||||
|
src/configure.in | 2 +
|
||||||
|
src/include/k5-int.h | 1 +
|
||||||
|
src/include/k5-label.h | 32 ++
|
||||||
|
src/include/krb5/krb5.hin | 6 +
|
||||||
|
src/kadmin/dbutil/dump.c | 11 +-
|
||||||
|
src/kdc/main.c | 2 +-
|
||||||
|
src/lib/kadm5/logger.c | 4 +-
|
||||||
|
src/lib/kdb/kdb_log.c | 2 +-
|
||||||
|
src/lib/krb5/ccache/cc_dir.c | 26 +-
|
||||||
|
src/lib/krb5/keytab/kt_file.c | 4 +-
|
||||||
|
src/lib/krb5/os/trace.c | 2 +-
|
||||||
|
src/lib/krb5/rcache/rc_dfl.c | 13 +
|
||||||
|
src/plugins/kdb/db2/adb_openclose.c | 2 +-
|
||||||
|
src/plugins/kdb/db2/kdb_db2.c | 4 +-
|
||||||
|
src/plugins/kdb/db2/libdb2/btree/bt_open.c | 3 +-
|
||||||
|
src/plugins/kdb/db2/libdb2/hash/hash.c | 3 +-
|
||||||
|
src/plugins/kdb/db2/libdb2/recno/rec_open.c | 4 +-
|
||||||
|
.../kdb/ldap/ldap_util/kdb5_ldap_services.c | 11 +-
|
||||||
|
src/util/profile/prof_file.c | 3 +-
|
||||||
|
src/util/support/Makefile.in | 3 +-
|
||||||
|
src/util/support/selinux.c | 381 ++++++++++++++++++
|
||||||
|
24 files changed, 553 insertions(+), 21 deletions(-)
|
||||||
|
create mode 100644 src/include/k5-label.h
|
||||||
|
create mode 100644 src/util/support/selinux.c
|
||||||
|
|
||||||
Index: krb5-1.16.1/src/aclocal.m4
|
diff --git a/src/aclocal.m4 b/src/aclocal.m4
|
||||||
===================================================================
|
index 340546d80..4440ec5f8 100644
|
||||||
--- krb5-1.16.1.orig/src/aclocal.m4
|
--- a/src/aclocal.m4
|
||||||
+++ krb5-1.16.1/src/aclocal.m4
|
+++ b/src/aclocal.m4
|
||||||
@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
||||||
dnl
|
dnl
|
||||||
KRB5_AC_PRAGMA_WEAK_REF
|
KRB5_AC_PRAGMA_WEAK_REF
|
||||||
@ -43,7 +78,7 @@ Index: krb5-1.16.1/src/aclocal.m4
|
|||||||
KRB5_LIB_PARAMS
|
KRB5_LIB_PARAMS
|
||||||
KRB5_AC_INITFINI
|
KRB5_AC_INITFINI
|
||||||
KRB5_AC_ENABLE_THREADS
|
KRB5_AC_ENABLE_THREADS
|
||||||
@@ -1763,3 +1764,51 @@ AC_SUBST(PAM_LIBS)
|
@@ -1764,3 +1765,51 @@ AC_SUBST(PAM_LIBS)
|
||||||
AC_SUBST(PAM_MAN)
|
AC_SUBST(PAM_MAN)
|
||||||
AC_SUBST(NON_PAM_MAN)
|
AC_SUBST(NON_PAM_MAN)
|
||||||
])dnl
|
])dnl
|
||||||
@ -95,10 +130,31 @@ Index: krb5-1.16.1/src/aclocal.m4
|
|||||||
+LIBS="$old_LIBS"
|
+LIBS="$old_LIBS"
|
||||||
+AC_SUBST(SELINUX_LIBS)
|
+AC_SUBST(SELINUX_LIBS)
|
||||||
+])dnl
|
+])dnl
|
||||||
Index: krb5-1.16.1/src/config/pre.in
|
diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
|
||||||
===================================================================
|
index 0edf6a1a5..1891dea99 100755
|
||||||
--- krb5-1.16.1.orig/src/config/pre.in
|
--- a/src/build-tools/krb5-config.in
|
||||||
+++ krb5-1.16.1/src/config/pre.in
|
+++ b/src/build-tools/krb5-config.in
|
||||||
|
@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
|
||||||
|
DEFCCNAME='@DEFCCNAME@'
|
||||||
|
DEFKTNAME='@DEFKTNAME@'
|
||||||
|
DEFCKTNAME='@DEFCKTNAME@'
|
||||||
|
+SELINUX_LIBS='@SELINUX_LIBS@'
|
||||||
|
|
||||||
|
LIBS='@LIBS@'
|
||||||
|
GEN_LIB=@GEN_LIB@
|
||||||
|
@@ -262,7 +263,7 @@ if test -n "$do_libs"; then
|
||||||
|
fi
|
||||||
|
|
||||||
|
# If we ever support a flag to generate output suitable for static
|
||||||
|
- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
|
||||||
|
+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
|
||||||
|
# here.
|
||||||
|
|
||||||
|
echo $lib_flags
|
||||||
|
diff --git a/src/config/pre.in b/src/config/pre.in
|
||||||
|
index 164bf8301..a8540ae2a 100644
|
||||||
|
--- a/src/config/pre.in
|
||||||
|
+++ b/src/config/pre.in
|
||||||
@@ -177,6 +177,7 @@ LD = $(PURE) @LD@
|
@@ -177,6 +177,7 @@ LD = $(PURE) @LD@
|
||||||
KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
|
KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
|
||||||
LDFLAGS = @LDFLAGS@
|
LDFLAGS = @LDFLAGS@
|
||||||
@ -107,7 +163,7 @@ Index: krb5-1.16.1/src/config/pre.in
|
|||||||
|
|
||||||
INSTALL=@INSTALL@
|
INSTALL=@INSTALL@
|
||||||
INSTALL_STRIP=
|
INSTALL_STRIP=
|
||||||
@@ -399,7 +400,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
|
@@ -402,7 +403,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
|
||||||
# HESIOD_LIBS is -lhesiod...
|
# HESIOD_LIBS is -lhesiod...
|
||||||
HESIOD_LIBS = @HESIOD_LIBS@
|
HESIOD_LIBS = @HESIOD_LIBS@
|
||||||
|
|
||||||
@ -116,11 +172,11 @@ Index: krb5-1.16.1/src/config/pre.in
|
|||||||
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
|
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
|
||||||
GSS_LIBS = $(GSS_KRB5_LIB)
|
GSS_LIBS = $(GSS_KRB5_LIB)
|
||||||
# needs fixing if ever used on macOS!
|
# needs fixing if ever used on macOS!
|
||||||
Index: krb5-1.16.1/src/configure.in
|
diff --git a/src/configure.in b/src/configure.in
|
||||||
===================================================================
|
index e9a12ac16..93aec682e 100644
|
||||||
--- krb5-1.16.1.orig/src/configure.in
|
--- a/src/configure.in
|
||||||
+++ krb5-1.16.1/src/configure.in
|
+++ b/src/configure.in
|
||||||
@@ -1308,6 +1308,8 @@ AC_PATH_PROG(GROFF, groff)
|
@@ -1354,6 +1354,8 @@ AC_PATH_PROG(GROFF, groff)
|
||||||
|
|
||||||
KRB5_WITH_PAM
|
KRB5_WITH_PAM
|
||||||
|
|
||||||
@ -129,10 +185,10 @@ Index: krb5-1.16.1/src/configure.in
|
|||||||
# Make localedir work in autoconf 2.5x.
|
# Make localedir work in autoconf 2.5x.
|
||||||
if test "${localedir+set}" != set; then
|
if test "${localedir+set}" != set; then
|
||||||
localedir='$(datadir)/locale'
|
localedir='$(datadir)/locale'
|
||||||
Index: krb5-1.16.1/src/include/k5-int.h
|
diff --git a/src/include/k5-int.h b/src/include/k5-int.h
|
||||||
===================================================================
|
index 652242207..7190a8f55 100644
|
||||||
--- krb5-1.16.1.orig/src/include/k5-int.h
|
--- a/src/include/k5-int.h
|
||||||
+++ krb5-1.16.1/src/include/k5-int.h
|
+++ b/src/include/k5-int.h
|
||||||
@@ -126,6 +126,7 @@ typedef unsigned char u_char;
|
@@ -126,6 +126,7 @@ typedef unsigned char u_char;
|
||||||
#endif /* HAVE_SYS_TYPES_H */
|
#endif /* HAVE_SYS_TYPES_H */
|
||||||
#endif /* KRB5_SYSTYPES__ */
|
#endif /* KRB5_SYSTYPES__ */
|
||||||
@ -141,10 +197,11 @@ Index: krb5-1.16.1/src/include/k5-int.h
|
|||||||
|
|
||||||
#include "k5-platform.h"
|
#include "k5-platform.h"
|
||||||
|
|
||||||
Index: krb5-1.16.1/src/include/k5-label.h
|
diff --git a/src/include/k5-label.h b/src/include/k5-label.h
|
||||||
===================================================================
|
new file mode 100644
|
||||||
|
index 000000000..dfaaa847c
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.16.1/src/include/k5-label.h
|
+++ b/src/include/k5-label.h
|
||||||
@@ -0,0 +1,32 @@
|
@@ -0,0 +1,32 @@
|
||||||
+#ifndef _KRB5_LABEL_H
|
+#ifndef _KRB5_LABEL_H
|
||||||
+#define _KRB5_LABEL_H
|
+#define _KRB5_LABEL_H
|
||||||
@ -178,10 +235,10 @@ Index: krb5-1.16.1/src/include/k5-label.h
|
|||||||
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||||
+#endif
|
+#endif
|
||||||
+#endif
|
+#endif
|
||||||
Index: krb5-1.16.1/src/include/krb5/krb5.hin
|
diff --git a/src/include/krb5/krb5.hin b/src/include/krb5/krb5.hin
|
||||||
===================================================================
|
index c40a6cca8..3ff86d7ff 100644
|
||||||
--- krb5-1.16.1.orig/src/include/krb5/krb5.hin
|
--- a/src/include/krb5/krb5.hin
|
||||||
+++ krb5-1.16.1/src/include/krb5/krb5.hin
|
+++ b/src/include/krb5/krb5.hin
|
||||||
@@ -87,6 +87,12 @@
|
@@ -87,6 +87,12 @@
|
||||||
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||||
#endif
|
#endif
|
||||||
@ -195,11 +252,11 @@ Index: krb5-1.16.1/src/include/krb5/krb5.hin
|
|||||||
#define KRB5_OLD_CRYPTO
|
#define KRB5_OLD_CRYPTO
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
Index: krb5-1.16.1/src/kadmin/dbutil/dump.c
|
diff --git a/src/kadmin/dbutil/dump.c b/src/kadmin/dbutil/dump.c
|
||||||
===================================================================
|
index c9574c6e1..8301a33d0 100644
|
||||||
--- krb5-1.16.1.orig/src/kadmin/dbutil/dump.c
|
--- a/src/kadmin/dbutil/dump.c
|
||||||
+++ krb5-1.16.1/src/kadmin/dbutil/dump.c
|
+++ b/src/kadmin/dbutil/dump.c
|
||||||
@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname
|
@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname)
|
||||||
{
|
{
|
||||||
int fd = -1;
|
int fd = -1;
|
||||||
FILE *f;
|
FILE *f;
|
||||||
@ -221,41 +278,33 @@ Index: krb5-1.16.1/src/kadmin/dbutil/dump.c
|
|||||||
if (fd == -1)
|
if (fd == -1)
|
||||||
goto error;
|
goto error;
|
||||||
|
|
||||||
@@ -194,7 +203,7 @@ prep_ok_file(krb5_context context, char
|
@@ -197,7 +206,7 @@ prep_ok_file(krb5_context context, char *file_name, int *fd_out)
|
||||||
return 0;
|
goto cleanup;
|
||||||
}
|
}
|
||||||
|
|
||||||
- *fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
- fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
||||||
+ *fd = THREEPARAMOPEN(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
+ fd = THREEPARAMOPEN(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
||||||
if (*fd == -1) {
|
if (fd == -1) {
|
||||||
com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
|
com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
|
||||||
exit_status++;
|
goto cleanup;
|
||||||
Index: krb5-1.16.1/src/build-tools/krb5-config.in
|
diff --git a/src/kdc/main.c b/src/kdc/main.c
|
||||||
===================================================================
|
index 408c723f5..663fd6303 100644
|
||||||
--- krb5-1.16.1.orig/src/build-tools/krb5-config.in
|
--- a/src/kdc/main.c
|
||||||
+++ krb5-1.16.1/src/build-tools/krb5-config.in
|
+++ b/src/kdc/main.c
|
||||||
@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
|
@@ -858,7 +858,7 @@ write_pid_file(const char *path)
|
||||||
DEFCCNAME='@DEFCCNAME@'
|
FILE *file;
|
||||||
DEFKTNAME='@DEFKTNAME@'
|
unsigned long pid;
|
||||||
DEFCKTNAME='@DEFCKTNAME@'
|
|
||||||
+SELINUX_LIBS='@SELINUX_LIBS@'
|
|
||||||
|
|
||||||
LIBS='@LIBS@'
|
- file = fopen(path, "w");
|
||||||
GEN_LIB=@GEN_LIB@
|
+ file = WRITABLEFOPEN(path, "w");
|
||||||
@@ -262,7 +263,7 @@ if test -n "$do_libs"; then
|
if (file == NULL)
|
||||||
fi
|
return errno;
|
||||||
|
pid = (unsigned long) getpid();
|
||||||
# If we ever support a flag to generate output suitable for static
|
diff --git a/src/lib/kadm5/logger.c b/src/lib/kadm5/logger.c
|
||||||
- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB"
|
index c6885edf2..9aec3c05e 100644
|
||||||
+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB"
|
--- a/src/lib/kadm5/logger.c
|
||||||
# here.
|
+++ b/src/lib/kadm5/logger.c
|
||||||
|
@@ -309,7 +309,7 @@ krb5_klog_init(krb5_context kcontext, char *ename, char *whoami, krb5_boolean do
|
||||||
echo $lib_flags
|
|
||||||
Index: krb5-1.16.1/src/lib/kadm5/logger.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/lib/kadm5/logger.c
|
|
||||||
+++ krb5-1.16.1/src/lib/kadm5/logger.c
|
|
||||||
@@ -414,7 +414,7 @@ krb5_klog_init(krb5_context kcontext, ch
|
|
||||||
*/
|
*/
|
||||||
append = (cp[4] == ':') ? O_APPEND : 0;
|
append = (cp[4] == ':') ? O_APPEND : 0;
|
||||||
if (append || cp[4] == '=') {
|
if (append || cp[4] == '=') {
|
||||||
@ -264,7 +313,7 @@ Index: krb5-1.16.1/src/lib/kadm5/logger.c
|
|||||||
S_IRUSR | S_IWUSR | S_IRGRP);
|
S_IRUSR | S_IWUSR | S_IRGRP);
|
||||||
if (fd != -1)
|
if (fd != -1)
|
||||||
f = fdopen(fd, append ? "a" : "w");
|
f = fdopen(fd, append ? "a" : "w");
|
||||||
@@ -918,7 +918,7 @@ krb5_klog_reopen(krb5_context kcontext)
|
@@ -776,7 +776,7 @@ krb5_klog_reopen(krb5_context kcontext)
|
||||||
* In case the old logfile did not get moved out of the
|
* In case the old logfile did not get moved out of the
|
||||||
* way, open for append to prevent squashing the old logs.
|
* way, open for append to prevent squashing the old logs.
|
||||||
*/
|
*/
|
||||||
@ -273,11 +322,74 @@ Index: krb5-1.16.1/src/lib/kadm5/logger.c
|
|||||||
if (f) {
|
if (f) {
|
||||||
set_cloexec_file(f);
|
set_cloexec_file(f);
|
||||||
log_control.log_entries[lindex].lfu_filep = f;
|
log_control.log_entries[lindex].lfu_filep = f;
|
||||||
Index: krb5-1.16.1/src/lib/krb5/keytab/kt_file.c
|
diff --git a/src/lib/kdb/kdb_log.c b/src/lib/kdb/kdb_log.c
|
||||||
===================================================================
|
index 2659a2501..a1cd38f4c 100644
|
||||||
--- krb5-1.16.1.orig/src/lib/krb5/keytab/kt_file.c
|
--- a/src/lib/kdb/kdb_log.c
|
||||||
+++ krb5-1.16.1/src/lib/krb5/keytab/kt_file.c
|
+++ b/src/lib/kdb/kdb_log.c
|
||||||
@@ -1024,14 +1024,14 @@ krb5_ktfileint_open(krb5_context context
|
@@ -491,7 +491,7 @@ ulog_map(krb5_context context, const char *logname, uint32_t ulogentries)
|
||||||
|
if (retval)
|
||||||
|
goto cleanup;
|
||||||
|
} else {
|
||||||
|
- log_ctx->ulogfd = open(logname, O_RDWR, 0600);
|
||||||
|
+ log_ctx->ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600);
|
||||||
|
if (log_ctx->ulogfd == -1) {
|
||||||
|
retval = errno;
|
||||||
|
goto cleanup;
|
||||||
|
diff --git a/src/lib/krb5/ccache/cc_dir.c b/src/lib/krb5/ccache/cc_dir.c
|
||||||
|
index bba64e516..73f0fe62d 100644
|
||||||
|
--- a/src/lib/krb5/ccache/cc_dir.c
|
||||||
|
+++ b/src/lib/krb5/ccache/cc_dir.c
|
||||||
|
@@ -183,10 +183,19 @@ write_primary_file(const char *primary_path, const char *contents)
|
||||||
|
char *newpath = NULL;
|
||||||
|
FILE *fp = NULL;
|
||||||
|
int fd = -1, status;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ void *selabel;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0)
|
||||||
|
return ENOMEM;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ selabel = krb5int_push_fscreatecon_for(primary_path);
|
||||||
|
+#endif
|
||||||
|
fd = mkstemp(newpath);
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ krb5int_pop_fscreatecon(selabel);
|
||||||
|
+#endif
|
||||||
|
if (fd < 0)
|
||||||
|
goto cleanup;
|
||||||
|
#ifdef HAVE_CHMOD
|
||||||
|
@@ -221,10 +230,23 @@ static krb5_error_code
|
||||||
|
verify_dir(krb5_context context, const char *dirname)
|
||||||
|
{
|
||||||
|
struct stat st;
|
||||||
|
+ int status;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ void *selabel;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (stat(dirname, &st) < 0) {
|
||||||
|
- if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0)
|
||||||
|
- return 0;
|
||||||
|
+ if (errno == ENOENT) {
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ selabel = krb5int_push_fscreatecon_for(dirname);
|
||||||
|
+#endif
|
||||||
|
+ status = mkdir(dirname, S_IRWXU);
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ krb5int_pop_fscreatecon(selabel);
|
||||||
|
+#endif
|
||||||
|
+ if (status == 0)
|
||||||
|
+ return 0;
|
||||||
|
+ }
|
||||||
|
k5_setmsg(context, KRB5_FCC_NOFILE,
|
||||||
|
_("Credential cache directory %s does not exist"),
|
||||||
|
dirname);
|
||||||
|
diff --git a/src/lib/krb5/keytab/kt_file.c b/src/lib/krb5/keytab/kt_file.c
|
||||||
|
index 89cb68680..21c80d419 100644
|
||||||
|
--- a/src/lib/krb5/keytab/kt_file.c
|
||||||
|
+++ b/src/lib/krb5/keytab/kt_file.c
|
||||||
|
@@ -1024,14 +1024,14 @@ krb5_ktfileint_open(krb5_context context, krb5_keytab id, int mode)
|
||||||
|
|
||||||
KTCHECKLOCK(id);
|
KTCHECKLOCK(id);
|
||||||
errno = 0;
|
errno = 0;
|
||||||
@ -294,11 +406,56 @@ Index: krb5-1.16.1/src/lib/krb5/keytab/kt_file.c
|
|||||||
if (!KTFILEP(id))
|
if (!KTFILEP(id))
|
||||||
goto report_errno;
|
goto report_errno;
|
||||||
writevno = 1;
|
writevno = 1;
|
||||||
Index: krb5-1.16.1/src/plugins/kdb/db2/adb_openclose.c
|
diff --git a/src/lib/krb5/os/trace.c b/src/lib/krb5/os/trace.c
|
||||||
===================================================================
|
index 4fff8f38c..40a9e7b10 100644
|
||||||
--- krb5-1.16.1.orig/src/plugins/kdb/db2/adb_openclose.c
|
--- a/src/lib/krb5/os/trace.c
|
||||||
+++ krb5-1.16.1/src/plugins/kdb/db2/adb_openclose.c
|
+++ b/src/lib/krb5/os/trace.c
|
||||||
@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char
|
@@ -458,7 +458,7 @@ krb5_set_trace_filename(krb5_context context, const char *filename)
|
||||||
|
fd = malloc(sizeof(*fd));
|
||||||
|
if (fd == NULL)
|
||||||
|
return ENOMEM;
|
||||||
|
- *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||||
|
+ *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||||
|
if (*fd == -1) {
|
||||||
|
free(fd);
|
||||||
|
return errno;
|
||||||
|
diff --git a/src/lib/krb5/rcache/rc_dfl.c b/src/lib/krb5/rcache/rc_dfl.c
|
||||||
|
index 1e0cb22c9..f5e93b1ab 100644
|
||||||
|
--- a/src/lib/krb5/rcache/rc_dfl.c
|
||||||
|
+++ b/src/lib/krb5/rcache/rc_dfl.c
|
||||||
|
@@ -793,6 +793,9 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id)
|
||||||
|
krb5_error_code retval = 0;
|
||||||
|
krb5_rcache tmp;
|
||||||
|
krb5_deltat lifespan = t->lifespan; /* save original lifespan */
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ void *selabel;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (! t->recovering) {
|
||||||
|
name = t->name;
|
||||||
|
@@ -814,7 +817,17 @@ krb5_rc_dfl_expunge_locked(krb5_context context, krb5_rcache id)
|
||||||
|
retval = krb5_rc_resolve(context, tmp, 0);
|
||||||
|
if (retval)
|
||||||
|
goto cleanup;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ if (t->d.fn != NULL)
|
||||||
|
+ selabel = krb5int_push_fscreatecon_for(t->d.fn);
|
||||||
|
+ else
|
||||||
|
+ selabel = NULL;
|
||||||
|
+#endif
|
||||||
|
retval = krb5_rc_initialize(context, tmp, lifespan);
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ if (selabel != NULL)
|
||||||
|
+ krb5int_pop_fscreatecon(selabel);
|
||||||
|
+#endif
|
||||||
|
if (retval)
|
||||||
|
goto cleanup;
|
||||||
|
for (q = t->a; q; q = q->na) {
|
||||||
|
diff --git a/src/plugins/kdb/db2/adb_openclose.c b/src/plugins/kdb/db2/adb_openclose.c
|
||||||
|
index 7db30a33b..2b9d01921 100644
|
||||||
|
--- a/src/plugins/kdb/db2/adb_openclose.c
|
||||||
|
+++ b/src/plugins/kdb/db2/adb_openclose.c
|
||||||
|
@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char *filename, char *lockfilename,
|
||||||
* needs be open read/write so that write locking can work with
|
* needs be open read/write so that write locking can work with
|
||||||
* POSIX systems
|
* POSIX systems
|
||||||
*/
|
*/
|
||||||
@ -307,11 +464,26 @@ Index: krb5-1.16.1/src/plugins/kdb/db2/adb_openclose.c
|
|||||||
/*
|
/*
|
||||||
* maybe someone took away write permission so we could only
|
* maybe someone took away write permission so we could only
|
||||||
* get shared locks?
|
* get shared locks?
|
||||||
Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
diff --git a/src/plugins/kdb/db2/kdb_db2.c b/src/plugins/kdb/db2/kdb_db2.c
|
||||||
===================================================================
|
index 5106a5c99..e481e8121 100644
|
||||||
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
--- a/src/plugins/kdb/db2/kdb_db2.c
|
||||||
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
+++ b/src/plugins/kdb/db2/kdb_db2.c
|
||||||
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.
|
@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5_db2_context *dbc)
|
||||||
|
if (retval)
|
||||||
|
return retval;
|
||||||
|
|
||||||
|
- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
|
||||||
|
- 0600);
|
||||||
|
+ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name,
|
||||||
|
+ O_CREAT | O_RDWR | O_TRUNC, 0600);
|
||||||
|
if (dbc->db_lf_file < 0) {
|
||||||
|
retval = errno;
|
||||||
|
goto cleanup;
|
||||||
|
diff --git a/src/plugins/kdb/db2/libdb2/btree/bt_open.c b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||||
|
index 2977b17f3..d5809a5a9 100644
|
||||||
|
--- a/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||||
|
+++ b/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||||
|
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.11 (Berkeley) 11/2/95";
|
||||||
#include <string.h>
|
#include <string.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
|
|
||||||
@ -319,7 +491,7 @@ Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|||||||
#include "db-int.h"
|
#include "db-int.h"
|
||||||
#include "btree.h"
|
#include "btree.h"
|
||||||
|
|
||||||
@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo,
|
@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo, dflags)
|
||||||
goto einval;
|
goto einval;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -328,11 +500,11 @@ Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
diff --git a/src/plugins/kdb/db2/libdb2/hash/hash.c b/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||||
===================================================================
|
index 862dbb164..686a960c9 100644
|
||||||
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/hash/hash.c
|
--- a/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||||
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
+++ b/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12
|
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 (Berkeley) 11/7/95";
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -340,7 +512,7 @@ Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|||||||
#include "db-int.h"
|
#include "db-int.h"
|
||||||
#include "hash.h"
|
#include "hash.h"
|
||||||
#include "page.h"
|
#include "page.h"
|
||||||
@@ -129,7 +130,7 @@ __kdb2_hash_open(file, flags, mode, info
|
@@ -129,7 +130,7 @@ __kdb2_hash_open(file, flags, mode, info, dflags)
|
||||||
new_table = 1;
|
new_table = 1;
|
||||||
}
|
}
|
||||||
if (file) {
|
if (file) {
|
||||||
@ -349,11 +521,33 @@ Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|||||||
RETURN_ERROR(errno, error0);
|
RETURN_ERROR(errno, error0);
|
||||||
(void)fcntl(hashp->fp, F_SETFD, 1);
|
(void)fcntl(hashp->fp, F_SETFD, 1);
|
||||||
}
|
}
|
||||||
Index: krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
diff --git a/src/plugins/kdb/db2/libdb2/recno/rec_open.c b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||||
===================================================================
|
index d8b26e701..b0daa7c02 100644
|
||||||
--- krb5-1.16.1.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
--- a/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||||
+++ krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
+++ b/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||||
@@ -203,7 +203,7 @@ kdb5_ldap_stash_service_password(int arg
|
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8.12 (Berkeley) 11/18/94";
|
||||||
|
#include <stdio.h>
|
||||||
|
#include <unistd.h>
|
||||||
|
|
||||||
|
+#include "k5-int.h"
|
||||||
|
#include "db-int.h"
|
||||||
|
#include "recno.h"
|
||||||
|
|
||||||
|
@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo, dflags)
|
||||||
|
int rfd = -1, sverrno;
|
||||||
|
|
||||||
|
/* Open the user's file -- if this fails, we're done. */
|
||||||
|
- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
|
||||||
|
+ if (fname != NULL &&
|
||||||
|
+ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
|
||||||
|
return (NULL);
|
||||||
|
|
||||||
|
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
||||||
|
diff --git a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||||
|
index 1ed72afe9..ce038fc3d 100644
|
||||||
|
--- a/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||||
|
+++ b/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||||
|
@@ -194,7 +194,7 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
|
||||||
|
|
||||||
/* set password in the file */
|
/* set password in the file */
|
||||||
old_mode = umask(0177);
|
old_mode = umask(0177);
|
||||||
@ -362,7 +556,7 @@ Index: krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|||||||
if (pfile == NULL) {
|
if (pfile == NULL) {
|
||||||
com_err(me, errno, _("Failed to open file %s: %s"), file_name,
|
com_err(me, errno, _("Failed to open file %s: %s"), file_name,
|
||||||
strerror (errno));
|
strerror (errno));
|
||||||
@@ -244,6 +244,9 @@ kdb5_ldap_stash_service_password(int arg
|
@@ -235,6 +235,9 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
|
||||||
* Delete the existing entry and add the new entry
|
* Delete the existing entry and add the new entry
|
||||||
*/
|
*/
|
||||||
FILE *newfile;
|
FILE *newfile;
|
||||||
@ -372,7 +566,7 @@ Index: krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|||||||
|
|
||||||
mode_t omask;
|
mode_t omask;
|
||||||
|
|
||||||
@@ -255,7 +258,13 @@ kdb5_ldap_stash_service_password(int arg
|
@@ -246,7 +249,13 @@ kdb5_ldap_stash_service_password(int argc, char **argv)
|
||||||
}
|
}
|
||||||
|
|
||||||
omask = umask(077);
|
omask = umask(077);
|
||||||
@ -386,10 +580,10 @@ Index: krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|||||||
umask (omask);
|
umask (omask);
|
||||||
if (newfile == NULL) {
|
if (newfile == NULL) {
|
||||||
com_err(me, errno, _("Error creating file %s"), tmp_file);
|
com_err(me, errno, _("Error creating file %s"), tmp_file);
|
||||||
Index: krb5-1.16.1/src/util/profile/prof_file.c
|
diff --git a/src/util/profile/prof_file.c b/src/util/profile/prof_file.c
|
||||||
===================================================================
|
index 24e41fb80..0dcb6b543 100644
|
||||||
--- krb5-1.16.1.orig/src/util/profile/prof_file.c
|
--- a/src/util/profile/prof_file.c
|
||||||
+++ krb5-1.16.1/src/util/profile/prof_file.c
|
+++ b/src/util/profile/prof_file.c
|
||||||
@@ -33,6 +33,7 @@
|
@@ -33,6 +33,7 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -398,7 +592,7 @@ Index: krb5-1.16.1/src/util/profile/prof_file.c
|
|||||||
|
|
||||||
struct global_shared_profile_data {
|
struct global_shared_profile_data {
|
||||||
/* This is the head of the global list of shared trees */
|
/* This is the head of the global list of shared trees */
|
||||||
@@ -423,7 +424,7 @@ static errcode_t write_data_to_file(prf_
|
@@ -391,7 +392,7 @@ static errcode_t write_data_to_file(prf_data_t data, const char *outfile,
|
||||||
|
|
||||||
errno = 0;
|
errno = 0;
|
||||||
|
|
||||||
@ -407,10 +601,10 @@ Index: krb5-1.16.1/src/util/profile/prof_file.c
|
|||||||
if (!f) {
|
if (!f) {
|
||||||
retval = errno;
|
retval = errno;
|
||||||
if (retval == 0)
|
if (retval == 0)
|
||||||
Index: krb5-1.16.1/src/util/support/Makefile.in
|
diff --git a/src/util/support/Makefile.in b/src/util/support/Makefile.in
|
||||||
===================================================================
|
index db7b030b8..321672bcb 100644
|
||||||
--- krb5-1.16.1.orig/src/util/support/Makefile.in
|
--- a/src/util/support/Makefile.in
|
||||||
+++ krb5-1.16.1/src/util/support/Makefile.in
|
+++ b/src/util/support/Makefile.in
|
||||||
@@ -69,6 +69,7 @@ IPC_SYMS= \
|
@@ -69,6 +69,7 @@ IPC_SYMS= \
|
||||||
|
|
||||||
STLIBOBJS= \
|
STLIBOBJS= \
|
||||||
@ -419,7 +613,7 @@ Index: krb5-1.16.1/src/util/support/Makefile.in
|
|||||||
init-addrinfo.o \
|
init-addrinfo.o \
|
||||||
plugins.o \
|
plugins.o \
|
||||||
errors.o \
|
errors.o \
|
||||||
@@ -149,7 +150,7 @@ SRCS=\
|
@@ -160,7 +161,7 @@ SRCS=\
|
||||||
|
|
||||||
SHLIB_EXPDEPS =
|
SHLIB_EXPDEPS =
|
||||||
# Add -lm if dumping thread stats, for sqrt.
|
# Add -lm if dumping thread stats, for sqrt.
|
||||||
@ -428,10 +622,11 @@ Index: krb5-1.16.1/src/util/support/Makefile.in
|
|||||||
|
|
||||||
DEPLIBS=
|
DEPLIBS=
|
||||||
|
|
||||||
Index: krb5-1.16.1/src/util/support/selinux.c
|
diff --git a/src/util/support/selinux.c b/src/util/support/selinux.c
|
||||||
===================================================================
|
new file mode 100644
|
||||||
|
index 000000000..ffba6a9ff
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.16.1/src/util/support/selinux.c
|
+++ b/src/util/support/selinux.c
|
||||||
@@ -0,0 +1,381 @@
|
@@ -0,0 +1,381 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright 2007,2008,2009,2011,2012,2013 Red Hat, Inc. All Rights Reserved.
|
+ * Copyright 2007,2008,2009,2011,2012,2013 Red Hat, Inc. All Rights Reserved.
|
||||||
@ -814,192 +1009,6 @@ Index: krb5-1.16.1/src/util/support/selinux.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+#endif
|
+#endif
|
||||||
Index: krb5-1.16.1/src/lib/krb5/rcache/rc_dfl.c
|
--
|
||||||
===================================================================
|
2.20.1
|
||||||
--- krb5-1.16.1.orig/src/lib/krb5/rcache/rc_dfl.c
|
|
||||||
+++ krb5-1.16.1/src/lib/krb5/rcache/rc_dfl.c
|
|
||||||
@@ -793,6 +793,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
|
||||||
krb5_error_code retval = 0;
|
|
||||||
krb5_rcache tmp;
|
|
||||||
krb5_deltat lifespan = t->lifespan; /* save original lifespan */
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ void *selabel;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (! t->recovering) {
|
|
||||||
name = t->name;
|
|
||||||
@@ -814,7 +817,17 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
|
||||||
retval = krb5_rc_resolve(context, tmp, 0);
|
|
||||||
if (retval)
|
|
||||||
goto cleanup;
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ if (t->d.fn != NULL)
|
|
||||||
+ selabel = krb5int_push_fscreatecon_for(t->d.fn);
|
|
||||||
+ else
|
|
||||||
+ selabel = NULL;
|
|
||||||
+#endif
|
|
||||||
retval = krb5_rc_initialize(context, tmp, lifespan);
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ if (selabel != NULL)
|
|
||||||
+ krb5int_pop_fscreatecon(selabel);
|
|
||||||
+#endif
|
|
||||||
if (retval)
|
|
||||||
goto cleanup;
|
|
||||||
for (q = t->a; q; q = q->na) {
|
|
||||||
Index: krb5-1.16.1/src/lib/krb5/ccache/cc_dir.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/lib/krb5/ccache/cc_dir.c
|
|
||||||
+++ krb5-1.16.1/src/lib/krb5/ccache/cc_dir.c
|
|
||||||
@@ -183,10 +183,19 @@ write_primary_file(const char *primary_p
|
|
||||||
char *newpath = NULL;
|
|
||||||
FILE *fp = NULL;
|
|
||||||
int fd = -1, status;
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ void *selabel;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0)
|
|
||||||
return ENOMEM;
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ selabel = krb5int_push_fscreatecon_for(primary_path);
|
|
||||||
+#endif
|
|
||||||
fd = mkstemp(newpath);
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ krb5int_pop_fscreatecon(selabel);
|
|
||||||
+#endif
|
|
||||||
if (fd < 0)
|
|
||||||
goto cleanup;
|
|
||||||
#ifdef HAVE_CHMOD
|
|
||||||
@@ -221,10 +230,23 @@ static krb5_error_code
|
|
||||||
verify_dir(krb5_context context, const char *dirname)
|
|
||||||
{
|
|
||||||
struct stat st;
|
|
||||||
+ int status;
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ void *selabel;
|
|
||||||
+#endif
|
|
||||||
|
|
||||||
if (stat(dirname, &st) < 0) {
|
|
||||||
- if (errno == ENOENT && mkdir(dirname, S_IRWXU) == 0)
|
|
||||||
- return 0;
|
|
||||||
+ if (errno == ENOENT) {
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ selabel = krb5int_push_fscreatecon_for(dirname);
|
|
||||||
+#endif
|
|
||||||
+ status = mkdir(dirname, S_IRWXU);
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ krb5int_pop_fscreatecon(selabel);
|
|
||||||
+#endif
|
|
||||||
+ if (status == 0)
|
|
||||||
+ return 0;
|
|
||||||
+ }
|
|
||||||
k5_setmsg(context, KRB5_FCC_NOFILE,
|
|
||||||
_("Credential cache directory %s does not exist"),
|
|
||||||
dirname);
|
|
||||||
Index: krb5-1.16.1/src/lib/krb5/os/trace.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/lib/krb5/os/trace.c
|
|
||||||
+++ krb5-1.16.1/src/lib/krb5/os/trace.c
|
|
||||||
@@ -398,7 +398,7 @@ krb5_set_trace_filename(krb5_context con
|
|
||||||
fd = malloc(sizeof(*fd));
|
|
||||||
if (fd == NULL)
|
|
||||||
return ENOMEM;
|
|
||||||
- *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
|
||||||
+ *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
|
||||||
if (*fd == -1) {
|
|
||||||
free(fd);
|
|
||||||
return errno;
|
|
||||||
Index: krb5-1.16.1/src/plugins/kdb/db2/kdb_db2.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/plugins/kdb/db2/kdb_db2.c
|
|
||||||
+++ krb5-1.16.1/src/plugins/kdb/db2/kdb_db2.c
|
|
||||||
@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5
|
|
||||||
if (retval)
|
|
||||||
return retval;
|
|
||||||
|
|
||||||
- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC,
|
|
||||||
- 0600);
|
|
||||||
+ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name,
|
|
||||||
+ O_CREAT | O_RDWR | O_TRUNC, 0600);
|
|
||||||
if (dbc->db_lf_file < 0) {
|
|
||||||
retval = errno;
|
|
||||||
goto cleanup;
|
|
||||||
Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
||||||
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|
||||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8
|
|
||||||
#include <stdio.h>
|
|
||||||
#include <unistd.h>
|
|
||||||
|
|
||||||
+#include "k5-int.h"
|
|
||||||
#include "db-int.h"
|
|
||||||
#include "recno.h"
|
|
||||||
|
|
||||||
@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo,
|
|
||||||
int rfd = -1, sverrno;
|
|
||||||
|
|
||||||
/* Open the user's file -- if this fails, we're done. */
|
|
||||||
- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0)
|
|
||||||
+ if (fname != NULL &&
|
|
||||||
+ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0)
|
|
||||||
return (NULL);
|
|
||||||
|
|
||||||
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
|
||||||
Index: krb5-1.16.1/src/kdc/main.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/kdc/main.c
|
|
||||||
+++ krb5-1.16.1/src/kdc/main.c
|
|
||||||
@@ -873,7 +873,7 @@ write_pid_file(const char *path)
|
|
||||||
FILE *file;
|
|
||||||
unsigned long pid;
|
|
||||||
|
|
||||||
- file = fopen(path, "w");
|
|
||||||
+ file = WRITABLEFOPEN(path, "w");
|
|
||||||
if (file == NULL)
|
|
||||||
return errno;
|
|
||||||
pid = (unsigned long) getpid();
|
|
||||||
Index: krb5-1.16.1/src/lib/kdb/kdb_log.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/lib/kdb/kdb_log.c
|
|
||||||
+++ krb5-1.16.1/src/lib/kdb/kdb_log.c
|
|
||||||
@@ -484,7 +484,7 @@ ulog_map(krb5_context context, const cha
|
|
||||||
if (extend_file_to(ulogfd, filesize) < 0)
|
|
||||||
return errno;
|
|
||||||
} else {
|
|
||||||
- ulogfd = open(logname, O_RDWR, 0600);
|
|
||||||
+ ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600);
|
|
||||||
if (ulogfd == -1)
|
|
||||||
return errno;
|
|
||||||
}
|
|
||||||
Index: krb5-1.16.1/src/slave/kpropd.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.16.1.orig/src/slave/kpropd.c
|
|
||||||
+++ krb5-1.16.1/src/slave/kpropd.c
|
|
||||||
@@ -488,7 +488,9 @@ doit(int fd)
|
|
||||||
krb5_enctype etype;
|
|
||||||
int database_fd;
|
|
||||||
char host[INET6_ADDRSTRLEN + 1];
|
|
||||||
-
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ void *selabel;
|
|
||||||
+#endif
|
|
||||||
signal_wrapper(SIGALRM, alarm_handler);
|
|
||||||
alarm(params.iprop_resync_timeout);
|
|
||||||
fromlen = sizeof(from);
|
|
||||||
@@ -543,9 +545,15 @@ doit(int fd)
|
|
||||||
free(name);
|
|
||||||
exit(1);
|
|
||||||
}
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ selabel = krb5int_push_fscreatecon_for(file);
|
|
||||||
+#endif
|
|
||||||
omask = umask(077);
|
|
||||||
lock_fd = open(temp_file_name, O_RDWR | O_CREAT, 0600);
|
|
||||||
(void)umask(omask);
|
|
||||||
+#ifdef USE_SELINUX
|
|
||||||
+ krb5int_pop_fscreatecon(selabel);
|
|
||||||
+#endif
|
|
||||||
retval = krb5_lock_file(kpropd_context, lock_fd,
|
|
||||||
KRB5_LOCKMODE_EXCLUSIVE | KRB5_LOCKMODE_DONTBLOCK);
|
|
||||||
if (retval) {
|
|
44
0009-krb5-1.9-debuginfo.patch
Normal file
44
0009-krb5-1.9-debuginfo.patch
Normal file
@ -0,0 +1,44 @@
|
|||||||
|
From ea232e6646a96e0b1dff41b1b1e0b30f95214ebe Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Mon, 14 Jan 2019 13:18:16 +0100
|
||||||
|
Subject: [PATCH 9/9] krb5-1.9-debuginfo
|
||||||
|
|
||||||
|
Import krb5-1.9-debuginfo.patch
|
||||||
|
|
||||||
|
We want to keep these y.tab.c files around because the debuginfo points to
|
||||||
|
them. It would be more elegant at the end to use symbolic links, but that
|
||||||
|
could mess up people working in the tree on other things.
|
||||||
|
---
|
||||||
|
src/kadmin/cli/Makefile.in | 5 +++++
|
||||||
|
src/plugins/kdb/ldap/ldap_util/Makefile.in | 2 +-
|
||||||
|
2 files changed, 6 insertions(+), 1 deletion(-)
|
||||||
|
|
||||||
|
diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in
|
||||||
|
index adfea6e2b..d1327e400 100644
|
||||||
|
--- a/src/kadmin/cli/Makefile.in
|
||||||
|
+++ b/src/kadmin/cli/Makefile.in
|
||||||
|
@@ -37,3 +37,8 @@ clean-unix::
|
||||||
|
# CC_LINK is not meant for compilation and this use may break in the future.
|
||||||
|
datetest: getdate.c
|
||||||
|
$(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c
|
||||||
|
+
|
||||||
|
+%.c: %.y
|
||||||
|
+ $(RM) y.tab.c $@
|
||||||
|
+ $(YACC.y) $<
|
||||||
|
+ $(CP) y.tab.c $@
|
||||||
|
diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in b/src/plugins/kdb/ldap/ldap_util/Makefile.in
|
||||||
|
index 8669c2436..a22f23c02 100644
|
||||||
|
--- a/src/plugins/kdb/ldap/ldap_util/Makefile.in
|
||||||
|
+++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in
|
||||||
|
@@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) $(GETDATE)
|
||||||
|
getdate.c: $(GETDATE)
|
||||||
|
$(RM) getdate.c y.tab.c
|
||||||
|
$(YACC) $(GETDATE)
|
||||||
|
- $(MV) y.tab.c getdate.c
|
||||||
|
+ $(CP) y.tab.c getdate.c
|
||||||
|
|
||||||
|
install:
|
||||||
|
$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
|
||||||
|
--
|
||||||
|
2.20.1
|
||||||
|
|
@ -1,12 +0,0 @@
|
|||||||
Set the default PATH to the one set by login.
|
|
||||||
|
|
||||||
--- krb5/src/clients/ksu/Makefile.in
|
|
||||||
+++ krb5/src/clients/ksu/Makefile.in
|
|
||||||
@@ -1,6 +1,6 @@
|
|
||||||
mydir=clients$(S)ksu
|
|
||||||
BUILDTOP=$(REL)..$(S)..
|
|
||||||
-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin /local/bin"'
|
|
||||||
+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin /usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
|
|
||||||
|
|
||||||
KSU_LIBS=@KSU_LIBS@
|
|
||||||
PAM_LIBS=@PAM_LIBS@
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:214ffe394e3ad0c730564074ec44f1da119159d94281bbec541dc29168d21117
|
|
||||||
size 9477480
|
|
@ -1,17 +0,0 @@
|
|||||||
-----BEGIN PGP SIGNATURE-----
|
|
||||||
Version: GnuPG v1
|
|
||||||
|
|
||||||
iQIVAwUAWushEwy6CFdfg3LfAQJ+eBAAijTUBfXzCuxCwbDhCFYb1fIbHMkKkTuq
|
|
||||||
knFKv0VbALW1qUAj5v35A6GjDam6a33bMvGX8MzbGK/a9IDkpvaaXP/c37V4OfiQ
|
|
||||||
MhA6uQl0vxBMoCZqAFEVcWd6+M/0rY0WBZKpXRiZxxuSNPnSXn1l9fQAcrYKGb7I
|
|
||||||
YpaAWnzw+cc1k4Xi+GaaSghEYA4dX7TXh1fViJyHaNSESYZjH3J6wEdPm6LtZk6q
|
|
||||||
GwJw/ieMQi8djde0AhCbzMHWiaeW3jNPOJmpd3mpY04BAAkzGCyRiYGscxb6ge4u
|
|
||||||
ag2fojv7rbnJxDzy9RO0ZP0+fVPDMwInZ5GHPftbraSDFkTH2JBAYFudPsLDAoRK
|
|
||||||
FdjLeHpvuU5ifXWrLyshVYYfeXSe0fHz9Xhfhq2/OmfBD6vQl5k86z8IqxNm4ujy
|
|
||||||
ziypmTzHFnP/sBKlMgSMdDEKoKZHxevVQM5eJQd1XGexmwogkSPX8mwoEc0q4dtZ
|
|
||||||
h5w/fCu4ERA0BihvnQMZCZgwe32pO27ccPc6PqNHffUSLOq74J4gBHeoAoZ+SYPu
|
|
||||||
33oG7wxh+8WONzEGujl1lmxHFstij/njg8nULQ6bo6hSZnlMD0gU59mG9seC2jjr
|
|
||||||
E4aM4TXd1ixxPzM/cqxfI9SalytwYW0gn7Vuyj3P8xIZ5GQZiTsD7XWJqzb3xHmA
|
|
||||||
2JSQt4TK3Cc=
|
|
||||||
=9z9K
|
|
||||||
-----END PGP SIGNATURE-----
|
|
3
krb5-1.17.tar.gz
Normal file
3
krb5-1.17.tar.gz
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:5a6e2284a53de5702d3dc2be3b9339c963f9b5397d3fbbc53beb249380a781f5
|
||||||
|
size 8761763
|
17
krb5-1.17.tar.gz.asc
Normal file
17
krb5-1.17.tar.gz.asc
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
-----BEGIN PGP SIGNATURE-----
|
||||||
|
Version: GnuPG v1
|
||||||
|
|
||||||
|
iQIcBAABAgAGBQJcNMxOAAoJEAy6CFdfg3LfjAwP/2/oQe+4Bs/XwZTwNfakTbBl
|
||||||
|
YHSY8MNAHIKsLh6Bn+SJBQQXSE0fEsm0hYH+JWz85+mzlZk7TbNZUI+zeikhLxi6
|
||||||
|
+d8MMQBpk2mQN0dkIeWjTdfkcThGCDSL7l0fh3MuEfN5C7QPAPD1JL1ZeqXPH5AV
|
||||||
|
PSQRC9s2wiOTwwuHM2i27rZ7gdhL/xfJ3ZPUFJH4klRgszwp9j10I/nh4/XyS/wB
|
||||||
|
82umjfusFPa9VNSPzm1jm94oRmALkR3CHGvmku2XD3YOv/f5yO8C1cHWNNLxg+5h
|
||||||
|
EqVv05ddb6iLku4fRhkEjfN3VgCtEvXuMkuAXppkDJJ7wWxMBWgCIr1DS/x7LfbL
|
||||||
|
CI0ZTejn8HCUBNmRWsKkUuebgHJ7ccch8p/Fp0cV4eT1FL35N2oV51u7+/zK6R8y
|
||||||
|
1dygUF2VWFOqwm8cyczdFue7dFQVDGCw7R2eK5lXY3NpZVmJblQ/gNLMcbOxGBis
|
||||||
|
H2dOzSn+CnxlD/2LqOZnhQ1WnGBhOMxoINwX/MQsIvkwAFaM1EsdhPIP/6mSVA/g
|
||||||
|
p04+YQ2u2ag7Pq3zHsMIonC18w4ZqDPcvXvOXqCHtlQBDAMtb927XvjoTNj5W8Ei
|
||||||
|
jywxqdWuuqalmrKGPEsKVOJZN6xg7UTgaKzcvQTvW7D3gLbrTT2iM++VKB3vh9V9
|
||||||
|
SkULnR3c7fKMzFeLb/Q2
|
||||||
|
=4hZX
|
||||||
|
-----END PGP SIGNATURE-----
|
@ -1,13 +0,0 @@
|
|||||||
Index: krb5-1.10.2/src/lib/gssapi/generic/disp_com_err_status.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/lib/gssapi/generic/disp_com_err_status.c
|
|
||||||
+++ krb5-1.10.2/src/lib/gssapi/generic/disp_com_err_status.c
|
|
||||||
@@ -52,7 +52,7 @@ g_display_com_err_status(OM_uint32 *mino
|
|
||||||
status_string->value = NULL;
|
|
||||||
|
|
||||||
if (! g_make_string_buffer(((status_value == 0)?no_error:
|
|
||||||
- error_message(status_value)),
|
|
||||||
+ error_message((long)status_value)),
|
|
||||||
status_string)) {
|
|
||||||
*minor_status = ENOMEM;
|
|
||||||
return(GSS_S_FAILURE);
|
|
@ -1,27 +0,0 @@
|
|||||||
---
|
|
||||||
src/man/ktutil.man | 12 ++++++++++++
|
|
||||||
1 file changed, 12 insertions(+)
|
|
||||||
|
|
||||||
Index: krb5-1.12.2/src/man/ktutil.man
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.12.2.orig/src/man/ktutil.man 2014-08-30 23:06:53.000000000 +0100
|
|
||||||
+++ krb5-1.12.2/src/man/ktutil.man 2014-08-30 23:07:00.000000000 +0100
|
|
||||||
@@ -162,6 +162,18 @@ ktutil:
|
|
||||||
.UNINDENT
|
|
||||||
.UNINDENT
|
|
||||||
.UNINDENT
|
|
||||||
+.SH REMARKS
|
|
||||||
+Changes to the keytab are appended to the keytab file (i.e., the keytab file
|
|
||||||
+is never overwritten). To directly modify a keytab, save the changes to a
|
|
||||||
+temporary file and then overwrite the keytab file of interest.
|
|
||||||
+.TP
|
|
||||||
+.nf
|
|
||||||
+Example:
|
|
||||||
+ktutil> rkt /etc/krb5.keytab
|
|
||||||
+(modifications to keytab)
|
|
||||||
+ktutil> wkt /tmp/krb5.newtab
|
|
||||||
+ktutil> q
|
|
||||||
+# mv /tmp/krb5.newtab /etc/krb5.keytab
|
|
||||||
.SH SEE ALSO
|
|
||||||
.sp
|
|
||||||
\fIkadmin(1)\fP, \fIkdb5_util(8)\fP
|
|
@ -1,26 +0,0 @@
|
|||||||
We want to keep these y.tab.c files around because the debuginfo points to
|
|
||||||
them. It would be more elegant at the end to use symbolic links, but that
|
|
||||||
could mess up people working in the tree on other things.
|
|
||||||
|
|
||||||
--- krb5-1.15.orig/src/kadmin/cli/Makefile.in
|
|
||||||
+++ krb5-1.15/src/kadmin/cli/Makefile.in
|
|
||||||
@@ -37,3 +37,8 @@
|
|
||||||
# CC_LINK is not meant for compilation and this use may break in the future.
|
|
||||||
datetest: getdate.c
|
|
||||||
$(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c
|
|
||||||
+
|
|
||||||
+%.c: %.y
|
|
||||||
+ $(RM) y.tab.c $@
|
|
||||||
+ $(YACC.y) $<
|
|
||||||
+ $(CP) y.tab.c $@
|
|
||||||
--- krb5-1.15.orig/src/plugins/kdb/ldap/ldap_util/Makefile.in
|
|
||||||
+++ krb5-1.15/src/plugins/kdb/ldap/ldap_util/Makefile.in
|
|
||||||
@@ -20,7 +20,7 @@
|
|
||||||
getdate.c: $(GETDATE)
|
|
||||||
$(RM) getdate.c y.tab.c
|
|
||||||
$(YACC) $(GETDATE)
|
|
||||||
- $(MV) y.tab.c getdate.c
|
|
||||||
+ $(CP) y.tab.c getdate.c
|
|
||||||
|
|
||||||
install:
|
|
||||||
$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
|
|
@ -1,18 +0,0 @@
|
|||||||
Change the absolute paths included in the man pages so that the correct
|
|
||||||
values can be dropped in by config.status. After applying this patch,
|
|
||||||
these files should be renamed to their ".in" counterparts, and then the
|
|
||||||
configure scripts should be rebuilt. Originally RT#6525
|
|
||||||
|
|
||||||
Index: krb5-1.11/src/man/kpropd.man
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.11.orig/src/man/kpropd.man
|
|
||||||
+++ krb5-1.11/src/man/kpropd.man
|
|
||||||
@@ -63,7 +63,7 @@ the \fB/etc/inetd.conf\fP file which loo
|
|
||||||
.sp
|
|
||||||
.nf
|
|
||||||
.ft C
|
|
||||||
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
|
||||||
+kprop stream tcp nowait root @SBINDIR@/kpropd kpropd
|
|
||||||
.ft P
|
|
||||||
.fi
|
|
||||||
.UNINDENT
|
|
@ -1,3 +1,74 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 13 17:45:34 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Replace old $RPM_* shell vars
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
|
||||||
|
|
||||||
|
- Upgrade to 1.17. Major changes:
|
||||||
|
Administrator experience:
|
||||||
|
* A new Kerberos database module using the Lightning Memory-Mapped
|
||||||
|
Database library (LMDB) has been added. The LMDB KDB module should
|
||||||
|
be more performant and more robust than the DB2 module, and may
|
||||||
|
become the default module for new databases in a future release.
|
||||||
|
* "kdb5_util dump" will no longer dump policy entries when specific
|
||||||
|
principal names are requested.
|
||||||
|
Developer experience:
|
||||||
|
* The new krb5_get_etype_info() API can be used to retrieve enctype,
|
||||||
|
salt, and string-to-key parameters from the KDC for a client
|
||||||
|
principal.
|
||||||
|
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
|
||||||
|
principal names to be used with GSS-API functions.
|
||||||
|
* KDC and kadmind modules which call com_err() will now write to the
|
||||||
|
log file in a format more consistent with other log messages.
|
||||||
|
* Programs which use large numbers of memory credential caches should
|
||||||
|
perform better.
|
||||||
|
Protocol evolution:
|
||||||
|
* The SPAKE pre-authentication mechanism is now supported. This
|
||||||
|
mechanism protects against password dictionary attacks without
|
||||||
|
requiring any additional infrastructure such as certificates. SPAKE
|
||||||
|
is enabled by default on clients, but must be manually enabled on
|
||||||
|
the KDC for this release.
|
||||||
|
* PKINIT freshness tokens are now supported. Freshness tokens can
|
||||||
|
protect against scenarios where an attacker uses temporary access to
|
||||||
|
a smart card to generate authentication requests for the future.
|
||||||
|
* Password change operations now prefer TCP over UDP, to avoid
|
||||||
|
spurious error messages about replays when a response packet is
|
||||||
|
dropped.
|
||||||
|
* The KDC now supports cross-realm S4U2Self requests when used with a
|
||||||
|
third-party KDB module such as Samba's. The client code for
|
||||||
|
cross-realm S4U2Self requests is also now more robust.
|
||||||
|
User experience:
|
||||||
|
* The new ktutil addent -f flag can be used to fetch salt information
|
||||||
|
from the KDC for password-based keys.
|
||||||
|
* The new kdestroy -p option can be used to destroy a credential cache
|
||||||
|
within a collection by client principal name.
|
||||||
|
* The Kerberos man page has been restored, and documents the
|
||||||
|
environment variables that affect programs using the Kerberos
|
||||||
|
library.
|
||||||
|
Code quality:
|
||||||
|
* Python test scripts now use Python 3.
|
||||||
|
* Python test scripts now display markers in verbose output, making it
|
||||||
|
easier to find where a failure occurred within the scripts.
|
||||||
|
* The Windows build system has been simplified and updated to work
|
||||||
|
with more recent versions of Visual Studio. A large volume of
|
||||||
|
unused Windows-specific code has been removed. Visual Studio 2013
|
||||||
|
or later is now required.
|
||||||
|
- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
|
||||||
|
by transactional updates; (bsc#1100126);
|
||||||
|
- Rename patches:
|
||||||
|
* krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
|
||||||
|
* krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
|
||||||
|
* krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
|
||||||
|
* krb5-1.6.3-gssapi_improve_errormessages.dif to
|
||||||
|
0004-krb5-1.6.3-gssapi_improve_errormessages.patch
|
||||||
|
* krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
|
||||||
|
* krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
|
||||||
|
* krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
|
||||||
|
* krb5-1.12-selinux-label.patch => 0008-krb5-1.12-selinux-label.patch
|
||||||
|
* krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 9 20:13:24 UTC 2018 - James McDonough <jmcdonough@suse.com>
|
Tue Oct 9 20:13:24 UTC 2018 - James McDonough <jmcdonough@suse.com>
|
||||||
|
|
||||||
@ -11,7 +82,7 @@ Tue Oct 9 20:13:24 UTC 2018 - James McDonough <jmcdonough@suse.com>
|
|||||||
* dates through 2106 accepted
|
* dates through 2106 accepted
|
||||||
* KDC support for trivially renewable tickets
|
* KDC support for trivially renewable tickets
|
||||||
* stop caching referral and alternate cross-realm TGTs to prevent
|
* stop caching referral and alternate cross-realm TGTs to prevent
|
||||||
duplicate credential cache entries
|
duplicate credential cache entries
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com
|
Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com
|
||||||
@ -38,7 +109,7 @@ Wed Apr 25 21:56:35 UTC 2018 - luizluca@gmail.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 23 13:38:33 UTC 2017 - rbrown@suse.com
|
Thu Nov 23 13:38:33 UTC 2017 - rbrown@suse.com
|
||||||
|
|
||||||
- Replace references to /var/adm/fillup-templates with new
|
- Replace references to /var/adm/fillup-templates with new
|
||||||
%_fillupdir macro (boo#1069468)
|
%_fillupdir macro (boo#1069468)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -194,7 +265,7 @@ Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com
|
|||||||
nonexistent policies
|
nonexistent policies
|
||||||
* Fix a rare KDC denial of service vulnerability when anonymous client
|
* Fix a rare KDC denial of service vulnerability when anonymous client
|
||||||
principals are restricted to obtaining TGTs only [CVE-2016-3120]
|
principals are restricted to obtaining TGTs only [CVE-2016-3120]
|
||||||
|
|
||||||
------------------------------------------------------------------
|
------------------------------------------------------------------
|
||||||
Tue May 10 12:41:14 UTC 2016 - hguo@suse.com
|
Tue May 10 12:41:14 UTC 2016 - hguo@suse.com
|
||||||
|
|
||||||
@ -528,7 +599,7 @@ Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com
|
Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com
|
||||||
|
|
||||||
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
|
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
|
||||||
- added patches:
|
- added patches:
|
||||||
* bnc#897874-CVE-2014-5351.diff
|
* bnc#897874-CVE-2014-5351.diff
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -569,7 +640,7 @@ Fri Aug 8 15:55:01 UTC 2014 - ckornacker@suse.com
|
|||||||
|
|
||||||
- buffer overrun in kadmind with LDAP backend
|
- buffer overrun in kadmind with LDAP backend
|
||||||
CVE-2014-4345 (bnc#891082)
|
CVE-2014-4345 (bnc#891082)
|
||||||
krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
|
krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
|
Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
|
||||||
@ -582,7 +653,7 @@ Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Jul 19 12:38:21 UTC 2014 - p.drouand@gmail.com
|
Sat Jul 19 12:38:21 UTC 2014 - p.drouand@gmail.com
|
||||||
|
|
||||||
- Do not depend of insserv if systemd is used
|
- Do not depend of insserv if systemd is used
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 10 15:59:52 UTC 2014 - ckornacker@suse.com
|
Thu Jul 10 15:59:52 UTC 2014 - ckornacker@suse.com
|
||||||
@ -653,7 +724,7 @@ Mon Jan 13 15:37:16 UTC 2014 - ckornacker@suse.com
|
|||||||
* krb5-master-gss_oid_leak.patch
|
* krb5-master-gss_oid_leak.patch
|
||||||
- Fix SPNEGO one-hop interop against old IIS
|
- Fix SPNEGO one-hop interop against old IIS
|
||||||
* krb5-master-ignore-empty-unnecessary-final-token.patch
|
* krb5-master-ignore-empty-unnecessary-final-token.patch
|
||||||
- Fix GSS krb5 acceptor acquire_cred error handling
|
- Fix GSS krb5 acceptor acquire_cred error handling
|
||||||
* krb5-master-keytab_close.patch
|
* krb5-master-keytab_close.patch
|
||||||
- Avoid malloc(0) in SPNEGO get_input_token
|
- Avoid malloc(0) in SPNEGO get_input_token
|
||||||
* krb5-master-no-malloc0.patch
|
* krb5-master-no-malloc0.patch
|
||||||
@ -686,7 +757,7 @@ Mon Jun 24 16:21:07 UTC 2013 - mc@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 21 02:12:03 UTC 2013 - crrodriguez@opensuse.org
|
Fri Jun 21 02:12:03 UTC 2013 - crrodriguez@opensuse.org
|
||||||
|
|
||||||
- remove fstack-protector-all from CFLAGS, just use the
|
- remove fstack-protector-all from CFLAGS, just use the
|
||||||
lighter/fast version already present in %optflags
|
lighter/fast version already present in %optflags
|
||||||
|
|
||||||
- Use LFS_CFLAGS to build in 32 bit archs.
|
- Use LFS_CFLAGS to build in 32 bit archs.
|
||||||
@ -725,7 +796,7 @@ Sun Apr 28 17:14:36 CEST 2013 - mc@suse.de
|
|||||||
that failed to load.
|
that failed to load.
|
||||||
* gss_import_sec_context incorrectly set internal state that
|
* gss_import_sec_context incorrectly set internal state that
|
||||||
identifies whether an imported context is from an interposer
|
identifies whether an imported context is from an interposer
|
||||||
mechanism or from the underlying mechanism.
|
mechanism or from the underlying mechanism.
|
||||||
- upstream fix obsolete krb5-lookup_etypes-leak.patch
|
- upstream fix obsolete krb5-lookup_etypes-leak.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -927,7 +998,7 @@ Tue Aug 23 13:52:03 CEST 2011 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com
|
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com
|
||||||
|
|
||||||
- add patches from Fedora and upstream
|
- add patches from Fedora and upstream
|
||||||
- fix init scripts (bnc#689006)
|
- fix init scripts (bnc#689006)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -965,12 +1036,12 @@ Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
|
|||||||
CVE-2010-4022
|
CVE-2010-4022
|
||||||
- Fix KDC denial of service attacks with LDAP back end
|
- Fix KDC denial of service attacks with LDAP back end
|
||||||
(MITKRB5-SA-2011-002, bnc#663619)
|
(MITKRB5-SA-2011-002, bnc#663619)
|
||||||
CVE-2011-0281, CVE-2011-0282
|
CVE-2011-0281, CVE-2011-0282
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 1 11:44:15 CET 2010 - mc@suse.de
|
Wed Dec 1 11:44:15 CET 2010 - mc@suse.de
|
||||||
|
|
||||||
- Fix multiple checksum handling vulnerabilities
|
- Fix multiple checksum handling vulnerabilities
|
||||||
(MITKRB5-SA-2010-007, bnc#650650)
|
(MITKRB5-SA-2010-007, bnc#650650)
|
||||||
CVE-2010-1324
|
CVE-2010-1324
|
||||||
* krb5 GSS-API applications may accept unkeyed checksums
|
* krb5 GSS-API applications may accept unkeyed checksums
|
||||||
@ -982,21 +1053,21 @@ Wed Dec 1 11:44:15 CET 2010 - mc@suse.de
|
|||||||
CVE-2010-4020
|
CVE-2010-4020
|
||||||
* krb5 may accept authdata checksums with low-entropy derived keys
|
* krb5 may accept authdata checksums with low-entropy derived keys
|
||||||
CVE-2010-4021
|
CVE-2010-4021
|
||||||
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
|
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de
|
Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix csh profile (bnc#649856)
|
- fix csh profile (bnc#649856)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de
|
Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- update to krb5-1.8.3
|
- update to krb5-1.8.3
|
||||||
* remove patches which are now upstrem
|
* remove patches which are now upstrem
|
||||||
- krb5-1.7-MITKRB5-SA-2010-004.dif
|
- krb5-1.7-MITKRB5-SA-2010-004.dif
|
||||||
- krb5-1.8.1-gssapi-error-table.dif
|
- krb5-1.8.1-gssapi-error-table.dif
|
||||||
- krb5-MITKRB5-SA-2010-005.dif
|
- krb5-MITKRB5-SA-2010-005.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de
|
Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de
|
||||||
@ -1008,7 +1079,7 @@ Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de
|
|||||||
Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
|
Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix a dereference of an uninitialized pointer while processing
|
- fix a dereference of an uninitialized pointer while processing
|
||||||
authorization data.
|
authorization data.
|
||||||
CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
|
CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1021,12 +1092,12 @@ Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
|
|||||||
Wed May 19 14:27:19 CEST 2010 - mc@suse.de
|
Wed May 19 14:27:19 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix GSS-API library null pointer dereference
|
- fix GSS-API library null pointer dereference
|
||||||
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
|
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de
|
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix a double free vulnerability in the KDC
|
- fix a double free vulnerability in the KDC
|
||||||
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
|
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1034,12 +1105,12 @@ Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de
|
|||||||
|
|
||||||
- update to version 1.8.1
|
- update to version 1.8.1
|
||||||
* include krb5-1.8-POST.dif
|
* include krb5-1.8-POST.dif
|
||||||
* include MITKRB5-SA-2010-002
|
* include MITKRB5-SA-2010-002
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de
|
Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.8-POST.dif
|
- update krb5-1.8-POST.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
|
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
|
||||||
@ -1047,17 +1118,17 @@ Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
|
|||||||
- fix a bug where an unauthenticated remote attacker could cause
|
- fix a bug where an unauthenticated remote attacker could cause
|
||||||
a GSS-API application including the Kerberos administration
|
a GSS-API application including the Kerberos administration
|
||||||
daemon (kadmind) to crash.
|
daemon (kadmind) to crash.
|
||||||
CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
|
CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
|
Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
|
||||||
|
|
||||||
- add post 1.8 fixes
|
- add post 1.8 fixes
|
||||||
* Add IPv6 support to changepw.c
|
* Add IPv6 support to changepw.c
|
||||||
* fix two problems in kadm5_get_principal mask handling
|
* fix two problems in kadm5_get_principal mask handling
|
||||||
* Ignore improperly encoded signedpath AD elements
|
* Ignore improperly encoded signedpath AD elements
|
||||||
* handle NT_SRV_INST in service principal referrals
|
* handle NT_SRV_INST in service principal referrals
|
||||||
* dereference options while checking
|
* dereference options while checking
|
||||||
KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
|
KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
|
||||||
* Fix the kpasswd fallback from the ccache principal name
|
* Fix the kpasswd fallback from the ccache principal name
|
||||||
* Document the ticket_lifetime libdefaults setting
|
* Document the ticket_lifetime libdefaults setting
|
||||||
@ -1067,16 +1138,16 @@ Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
|
|||||||
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.8
|
- update to version 1.8
|
||||||
* Increase code quality
|
* Increase code quality
|
||||||
* Move toward improved KDB interface
|
* Move toward improved KDB interface
|
||||||
* Investigate and remedy repeatedly-reported performance
|
* Investigate and remedy repeatedly-reported performance
|
||||||
bottlenecks.
|
bottlenecks.
|
||||||
* Reduce DNS dependence by implementing an interface that allows
|
* Reduce DNS dependence by implementing an interface that allows
|
||||||
client library to track whether a KDC supports service
|
client library to track whether a KDC supports service
|
||||||
principal referrals.
|
principal referrals.
|
||||||
* Disable DES by default
|
* Disable DES by default
|
||||||
* Account lockout for repeated login failures
|
* Account lockout for repeated login failures
|
||||||
* Bridge layer to allow Heimdal HDB modules to act as KDB
|
* Bridge layer to allow Heimdal HDB modules to act as KDB
|
||||||
backend modules
|
backend modules
|
||||||
* FAST enhancements
|
* FAST enhancements
|
||||||
* Microsoft Services for User (S4U) compatibility
|
* Microsoft Services for User (S4U) compatibility
|
||||||
@ -1088,7 +1159,7 @@ Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
|||||||
- fix integer underflow in AES and RC4 decryption
|
- fix integer underflow in AES and RC4 decryption
|
||||||
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
|
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
|
||||||
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
|
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
|
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
|
||||||
|
|
||||||
@ -1108,12 +1179,12 @@ Sun Jul 12 21:36:17 CEST 2009 - coolo@novell.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de
|
Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de
|
||||||
|
|
||||||
- update to final 1.7 release
|
- update to final 1.7 release
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.7 Beta2
|
- update to version 1.7 Beta2
|
||||||
* Incremental propagation support for the KDC database.
|
* Incremental propagation support for the KDC database.
|
||||||
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
|
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
|
||||||
framework that can protect the AS exchange from dictionary attack.
|
framework that can protect the AS exchange from dictionary attack.
|
||||||
@ -1126,7 +1197,7 @@ Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 16 13:04:26 CET 2009 - mc@suse.de
|
Mon Feb 16 13:04:26 CET 2009 - mc@suse.de
|
||||||
|
|
||||||
- update to pre 1.7 version
|
- update to pre 1.7 version
|
||||||
* Remove support for version 4 of the Kerberos protocol (krb4).
|
* Remove support for version 4 of the Kerberos protocol (krb4).
|
||||||
* New libdefaults configuration variable "allow_weak_crypto".
|
* New libdefaults configuration variable "allow_weak_crypto".
|
||||||
* Client library now follows client principal referrals, for
|
* Client library now follows client principal referrals, for
|
||||||
@ -1155,7 +1226,7 @@ Wed Jan 14 09:21:36 CET 2009 - olh@suse.de
|
|||||||
Thu Dec 11 14:12:57 CET 2008 - mc@suse.de
|
Thu Dec 11 14:12:57 CET 2008 - mc@suse.de
|
||||||
|
|
||||||
- do not query IPv6 addresses if no IPv6 address exists on this host
|
- do not query IPv6 addresses if no IPv6 address exists on this host
|
||||||
[bnc#449143]
|
[bnc#449143]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
||||||
@ -1172,7 +1243,7 @@ Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
|
|||||||
Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de
|
Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de
|
||||||
|
|
||||||
- in case we use ldap as database backend, ldap should be
|
- in case we use ldap as database backend, ldap should be
|
||||||
started before krb5kdc
|
started before krb5kdc
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
|
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
|
||||||
@ -1180,8 +1251,8 @@ Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
|
|||||||
- add new fixes to post 1.6.3 patch
|
- add new fixes to post 1.6.3 patch
|
||||||
* fix mem leak in krb5_gss_accept_sec_context()
|
* fix mem leak in krb5_gss_accept_sec_context()
|
||||||
* keep minor_status
|
* keep minor_status
|
||||||
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
|
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
|
||||||
"to be ignored"
|
"to be ignored"
|
||||||
* Reject socket fds > FD_SETSIZE
|
* Reject socket fds > FD_SETSIZE
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1198,14 +1269,14 @@ Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de
|
|||||||
|
|
||||||
- add case-insensitive.dif (FATE#300771)
|
- add case-insensitive.dif (FATE#300771)
|
||||||
- minor fixes for ktutil man page
|
- minor fixes for ktutil man page
|
||||||
- reduce rpmlint warnings
|
- reduce rpmlint warnings
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 14 17:44:59 CEST 2008 - mc@suse.de
|
Wed May 14 17:44:59 CEST 2008 - mc@suse.de
|
||||||
|
|
||||||
- Fall back to TCP on kdc-unresolvable/unreachable errors.
|
- Fall back to TCP on kdc-unresolvable/unreachable errors.
|
||||||
- restore valid sequence number before generating requests
|
- restore valid sequence number before generating requests
|
||||||
(fix changing passwords in mixed ipv4/ipv6 enviroments)
|
(fix changing passwords in mixed ipv4/ipv6 enviroments)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
||||||
@ -1216,7 +1287,7 @@ Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de
|
Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de
|
||||||
|
|
||||||
- modify krb5-config to not output rpath and cflags in --libs
|
- modify krb5-config to not output rpath and cflags in --libs
|
||||||
(bnc#378270)
|
(bnc#378270)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1228,7 +1299,7 @@ Fri Mar 14 11:27:55 CET 2008 - mc@suse.de
|
|||||||
* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
|
* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
|
||||||
Memory corruption while too many open file descriptors
|
Memory corruption while too many open file descriptors
|
||||||
[bnc#363151]
|
[bnc#363151]
|
||||||
- change default config file. Comment out the examples.
|
- change default config file. Comment out the examples.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
||||||
@ -1243,12 +1314,12 @@ Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 4 16:36:07 CET 2007 - mc@suse.de
|
Tue Dec 4 16:36:07 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- improve GSSAPI error messages
|
- improve GSSAPI error messages
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 6 13:53:17 CET 2007 - mc@suse.de
|
Tue Nov 6 13:53:17 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- add coreutils to PreReq
|
- add coreutils to PreReq
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
|
Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
|
||||||
@ -1264,8 +1335,8 @@ Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
|
|||||||
Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de
|
Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.6.2-post.dif
|
- update krb5-1.6.2-post.dif
|
||||||
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
||||||
that the client library will not failover to the next KDC.
|
that the client library will not failover to the next KDC.
|
||||||
[#310540]
|
[#310540]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1275,7 +1346,7 @@ Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de
|
|||||||
* new -S sname option for kvno
|
* new -S sname option for kvno
|
||||||
* read_entropy_from_device on partial read will not fill buffer
|
* read_entropy_from_device on partial read will not fill buffer
|
||||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||||
* patch for referrals loop
|
* patch for referrals loop
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
|
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
|
||||||
@ -1296,10 +1367,10 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
|
|||||||
|
|
||||||
- add krb5-1.6.2-post.dif
|
- add krb5-1.6.2-post.dif
|
||||||
* during the referrals loop, check to see if the
|
* during the referrals loop, check to see if the
|
||||||
session key enctype of a returned credential for the final
|
session key enctype of a returned credential for the final
|
||||||
service is among the enctypes explicitly selected by the
|
service is among the enctypes explicitly selected by the
|
||||||
application, and retry with old_use_conf_ktypes if it is not.
|
application, and retry with old_use_conf_ktypes if it is not.
|
||||||
* If mkstemp() is available, the new ccache file gets created but
|
* If mkstemp() is available, the new ccache file gets created but
|
||||||
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||||
was already created by mkstemp(). Apply patch from Apple to keep
|
was already created by mkstemp(). Apply patch from Apple to keep
|
||||||
the file descriptor open.
|
the file descriptor open.
|
||||||
@ -1308,7 +1379,7 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
|
|||||||
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
|
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.6.2
|
- update to version 1.6.2
|
||||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de
|
Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de
|
||||||
@ -1320,7 +1391,7 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de
|
|||||||
|
|
||||||
- update krb5-1.6.1-post.dif
|
- update krb5-1.6.1-post.dif
|
||||||
* fix leak in krb5_walk_realm_tree
|
* fix leak in krb5_walk_realm_tree
|
||||||
* rd_req_decoded needs to deal with referral realms
|
* rd_req_decoded needs to deal with referral realms
|
||||||
* fix buffer overflow in kadmind
|
* fix buffer overflow in kadmind
|
||||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||||
[#278689]
|
[#278689]
|
||||||
@ -1331,14 +1402,14 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de
|
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- fix unstripped-binary-or-object rpmlint warning
|
- fix unstripped-binary-or-object rpmlint warning
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
|
Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
|
||||||
|
|
||||||
- fixing rpmlint warnings and errors:
|
- fixing rpmlint warnings and errors:
|
||||||
* merged logrotate scripts kadmin and krb5kdc into a single file
|
* merged logrotate scripts kadmin and krb5kdc into a single file
|
||||||
krb5-server.
|
krb5-server.
|
||||||
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
|
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
|
||||||
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
|
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
|
||||||
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
|
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
|
||||||
@ -1351,32 +1422,32 @@ Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 9 15:30:53 CEST 2007 - mc@suse.de
|
Wed May 9 15:30:53 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- fix uninitialized salt length
|
- fix uninitialized salt length
|
||||||
- add extra check for keytab file
|
- add extra check for keytab file
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 3 12:11:29 CEST 2007 - mc@suse.de
|
Thu May 3 12:11:29 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- adding krb5-1.6.1-post.dif
|
- adding krb5-1.6.1-post.dif
|
||||||
* fix segfault in krb5_get_init_creds_password
|
* fix segfault in krb5_get_init_creds_password
|
||||||
* remove debug output in ftp client
|
* remove debug output in ftp client
|
||||||
* profile stores empty string values without double quotes
|
* profile stores empty string values without double quotes
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de
|
Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to final 1.6.1 version
|
- update to final 1.6.1 version
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de
|
Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- add plugin directories to main package
|
- add plugin directories to main package
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de
|
Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.6.1 Beta1
|
- update to version 1.6.1 Beta1
|
||||||
- remove obsolete patches
|
- remove obsolete patches
|
||||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||||
- rework compile_pie patch
|
- rework compile_pie patch
|
||||||
|
|
||||||
@ -1403,8 +1474,8 @@ Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 5 11:01:20 CET 2007 - mc@suse.de
|
Mon Mar 5 11:01:20 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- move SuSEFirewall service definitions to
|
- move SuSEFirewall service definitions to
|
||||||
/etc/sysconfig/SuSEfirewall2.d/services
|
/etc/sysconfig/SuSEfirewall2.d/services
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
|
Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
|
||||||
@ -1415,12 +1486,12 @@ Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
|
|||||||
Mon Feb 19 13:59:43 CET 2007 - mc@suse.de
|
Mon Feb 19 13:59:43 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.6-post.dif
|
- update krb5-1.6-post.dif
|
||||||
- move some applications into the right package
|
- move some applications into the right package
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 9 13:31:22 CET 2007 - mc@suse.de
|
Fri Feb 9 13:31:22 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.6-post.dif
|
- update krb5-1.6-post.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 29 11:27:23 CET 2007 - mc@suse.de
|
Mon Jan 29 11:27:23 CET 2007 - mc@suse.de
|
||||||
@ -1438,16 +1509,16 @@ Tue Jan 23 17:21:12 CET 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de
|
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- krb5-devel should require keyutils-devel
|
- krb5-devel should require keyutils-devel
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de
|
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.6
|
- update to version 1.6
|
||||||
* Major changes in 1.6 include
|
* Major changes in 1.6 include
|
||||||
* Partial client implementation to handle server name referrals.
|
* Partial client implementation to handle server name referrals.
|
||||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||||
* LDAP KDB plug-in, donated by Novell.
|
* LDAP KDB plug-in, donated by Novell.
|
||||||
- remove obsolete patches
|
- remove obsolete patches
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1465,14 +1536,14 @@ Wed Jan 10 11:16:30 CET 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
|
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- Fix Requires in krb5-devel
|
- Fix Requires in krb5-devel
|
||||||
[Bug #231008]
|
[Bug #231008]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 6 11:49:39 CET 2006 - mc@suse.de
|
Mon Nov 6 11:49:39 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- fix "local variable used before set" [#217692]
|
- fix "local variable used before set" [#217692]
|
||||||
- fix strncat warning
|
- fix strncat warning
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
|
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
|
||||||
@ -1483,7 +1554,7 @@ Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de
|
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de
|
||||||
|
|
||||||
- fix function call with too few arguments [#203837]
|
- fix function call with too few arguments [#203837]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
|
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
|
||||||
@ -1491,7 +1562,7 @@ Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
|
|||||||
- update to version 1.5.1
|
- update to version 1.5.1
|
||||||
- remove obsolete patches which are now included upstream
|
- remove obsolete patches which are now included upstream
|
||||||
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
||||||
* trunk-fix-uninitialized-vars.dif
|
* trunk-fix-uninitialized-vars.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
|
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
|
||||||
@ -1503,7 +1574,7 @@ Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de
|
Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de
|
||||||
|
|
||||||
- remove update-messages
|
- remove update-messages
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
|
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
|
||||||
@ -1515,13 +1586,13 @@ Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
|
|||||||
Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de
|
Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.5
|
- update to version 1.5
|
||||||
* KDB abstraction layer, donated by Novell.
|
* KDB abstraction layer, donated by Novell.
|
||||||
* plug-in architecture, allowing for extension modules to be
|
* plug-in architecture, allowing for extension modules to be
|
||||||
loaded at run-time.
|
loaded at run-time.
|
||||||
* multi-mechanism GSS-API implementation ("mechglue"),
|
* multi-mechanism GSS-API implementation ("mechglue"),
|
||||||
donated by Sun Microsystems
|
donated by Sun Microsystems
|
||||||
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
||||||
implementation, donated by Sun Microsystems
|
implementation, donated by Sun Microsystems
|
||||||
- remove obsolete patches and add some new
|
- remove obsolete patches and add some new
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1535,17 +1606,17 @@ Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de
|
|||||||
|
|
||||||
- add all daemons to %stop_on_removal and %restart_on_update
|
- add all daemons to %stop_on_removal and %restart_on_update
|
||||||
- add reload to kpropd init script
|
- add reload to kpropd init script
|
||||||
- add force-reload to all init scripts
|
- add force-reload to all init scripts
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de
|
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- add libgssapi_krb5.so link to main package [#147912]
|
- add libgssapi_krb5.so link to main package [#147912]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 3 18:17:01 CET 2006 - mc@suse.de
|
Fri Feb 3 18:17:01 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- fix logging section for kadmind in convert script
|
- fix logging section for kadmind in convert script
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
||||||
@ -1555,12 +1626,12 @@ Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de
|
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- change the logging defaults
|
- change the logging defaults
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de
|
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- add tools and README for heimdal => MIT update
|
- add tools and README for heimdal => MIT update
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
|
Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
|
||||||
@ -1571,7 +1642,7 @@ Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 3 16:00:13 CET 2006 - mc@suse.de
|
Tue Jan 3 16:00:13 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- added "make %{?jobs:-j%jobs}"
|
- added "make %{?jobs:-j%jobs}"
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
|
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
|
||||||
@ -1580,33 +1651,33 @@ Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
|
|||||||
* some memmory leaks fixed
|
* some memmory leaks fixed
|
||||||
* fix for "AS_REP padata has wrong enctype"
|
* fix for "AS_REP padata has wrong enctype"
|
||||||
* fix for "AS_REP padata missing PA-ETYPE-INFO"
|
* fix for "AS_REP padata missing PA-ETYPE-INFO"
|
||||||
* ... and more
|
* ... and more
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de
|
Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de
|
||||||
|
|
||||||
- don't build as root
|
- don't build as root
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de
|
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.4.2
|
- update to version 1.4.2
|
||||||
- remove some obsolet patches
|
- remove some obsolet patches
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de
|
Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- build with --disable-static
|
- build with --disable-static
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de
|
Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de
|
||||||
|
|
||||||
- remove devel-static subpackage
|
- remove devel-static subpackage
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de
|
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- better patch for princ_comp problem
|
- better patch for princ_comp problem
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de
|
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de
|
||||||
@ -1625,18 +1696,18 @@ Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de
|
|||||||
- fixed krb5 double free()
|
- fixed krb5 double free()
|
||||||
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
|
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
|
||||||
- fix krb5 NULL pointer reference while comparing principals
|
- fix krb5 NULL pointer reference while comparing principals
|
||||||
[#91600]
|
[#91600]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de
|
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- fix uninitialized variables
|
- fix uninitialized variables
|
||||||
- compile with -fPIE/ link with -pie
|
- compile with -fPIE/ link with -pie
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de
|
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed wrong xinetd files [#77149]
|
- fixed wrong xinetd files [#77149]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
|
Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
|
||||||
@ -1647,26 +1718,26 @@ Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de
|
Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed missing descriptions in init files
|
- fixed missing descriptions in init files
|
||||||
[#76164, #76165, #76166, #76169]
|
[#76164, #76165, #76166, #76169]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de
|
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- enhance $PATH via /etc/profile.d/ [#74018]
|
- enhance $PATH via /etc/profile.d/ [#74018]
|
||||||
- remove the "links to important programs"
|
- remove the "links to important programs"
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de
|
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed not running converter script [#72854]
|
- fixed not running converter script [#72854]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de
|
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
|
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
|
||||||
Overflow
|
Overflow
|
||||||
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
|
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
|
||||||
Overflow
|
Overflow
|
||||||
[#73618]
|
[#73618]
|
||||||
|
|
||||||
@ -1684,38 +1755,38 @@ Tue Mar 15 19:54:58 CET 2005 - mc@suse.de
|
|||||||
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de
|
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed: rckrb5kdc restart gives wrong status with non-running service
|
- fixed: rckrb5kdc restart gives wrong status with non-running service
|
||||||
[#72446]
|
[#72446]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de
|
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
|
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de
|
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- fix double free [#66534]
|
- fix double free [#66534]
|
||||||
krb5-1.4-fix-error_tables.dif
|
krb5-1.4-fix-error_tables.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de
|
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- change mode for shared libraries to 755
|
- change mode for shared libraries to 755
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 4 16:48:16 CET 2005 - mc@suse.de
|
Fri Feb 4 16:48:16 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- remove spx.c from tarball because of legal risk
|
- remove spx.c from tarball because of legal risk
|
||||||
- add README.Source which tell the user about this
|
- add README.Source which tell the user about this
|
||||||
action.
|
action.
|
||||||
- add a check for spx.c in the spec-file
|
- add a check for spx.c in the spec-file
|
||||||
- use rich-text for update-messages [#50250]
|
- use rich-text for update-messages [#50250]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 1 12:13:45 CET 2005 - mc@suse.de
|
Tue Feb 1 12:13:45 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- add krb5-1.4-reduce-namespace-polution.dif
|
- add krb5-1.4-reduce-namespace-polution.dif
|
||||||
reduce namespace polution in gssapi.h [#50356]
|
reduce namespace polution in gssapi.h [#50356]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
|
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
|
||||||
@ -1737,13 +1808,13 @@ Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de
|
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- add proofreaded update-messages
|
- add proofreaded update-messages
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de
|
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- remove Conflicts: and add Provides:
|
- remove Conflicts: and add Provides:
|
||||||
- add some insserv stuff
|
- add some insserv stuff
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
|
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
|
||||||
@ -1758,13 +1829,13 @@ Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
|
|||||||
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de
|
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.3.6
|
- update to version 1.3.6
|
||||||
- fix for: heap buffer overflow in libkadm5srv
|
- fix for: heap buffer overflow in libkadm5srv
|
||||||
[CAN-2004-1189 / MITKRB5-SA-2004-004]
|
[CAN-2004-1189 / MITKRB5-SA-2004-004]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de
|
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de
|
||||||
|
|
||||||
- build doc subpackage in an own specfile
|
- build doc subpackage in an own specfile
|
||||||
- removed unnecessary neededforbuild requirements
|
- removed unnecessary neededforbuild requirements
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1776,7 +1847,7 @@ Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de
|
|||||||
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de
|
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de
|
||||||
|
|
||||||
- added Conflicts with heimdal*
|
- added Conflicts with heimdal*
|
||||||
- rename some manpages to avoid conflicts
|
- rename some manpages to avoid conflicts
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
|
Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
|
||||||
@ -1790,11 +1861,10 @@ Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
|
|||||||
Wed Nov 3 18:52:07 CET 2004 - mc@suse.de
|
Wed Nov 3 18:52:07 CET 2004 - mc@suse.de
|
||||||
|
|
||||||
- add e2fsprogs to NFB
|
- add e2fsprogs to NFB
|
||||||
- use system-et and system-ss
|
- use system-et and system-ss
|
||||||
- fix includes of com_err.h
|
- fix includes of com_err.h
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de
|
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de
|
||||||
|
|
||||||
- Initital checkin
|
- Initital checkin
|
||||||
|
|
||||||
|
114
krb5-mini.spec
114
krb5-mini.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package krb5-mini
|
# spec file for package krb5-mini
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -21,26 +21,26 @@
|
|||||||
%define _fillupdir /var/adm/fillup-templates
|
%define _fillupdir /var/adm/fillup-templates
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
%define srcRoot krb5-1.16.1
|
%define srcRoot krb5-%{version}
|
||||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||||
%define krb5docdir %{_defaultdocdir}/krb5
|
%define krb5docdir %{_defaultdocdir}/krb5
|
||||||
|
|
||||||
Name: krb5-mini
|
Name: krb5-mini
|
||||||
Url: https://web.mit.edu/kerberos/www/
|
Version: 1.17
|
||||||
|
Release: 0
|
||||||
|
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
|
||||||
|
License: MIT
|
||||||
|
Group: Productivity/Networking/Security
|
||||||
|
URL: https://web.mit.edu/kerberos/www/
|
||||||
|
Obsoletes: krb5-plugin-preauth-pkinit-nss
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: keyutils
|
BuildRequires: keyutils
|
||||||
BuildRequires: keyutils-devel
|
BuildRequires: keyutils-devel
|
||||||
BuildRequires: libcom_err-devel
|
BuildRequires: libcom_err-devel
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: ncurses-devel
|
|
||||||
Version: 1.16.1
|
|
||||||
Release: 0
|
|
||||||
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
|
|
||||||
License: MIT
|
|
||||||
Group: Productivity/Networking/Security
|
|
||||||
Obsoletes: krb5-plugin-preauth-pkinit-nss
|
|
||||||
BuildRequires: libverto-devel
|
BuildRequires: libverto-devel
|
||||||
|
BuildRequires: ncurses-devel
|
||||||
# bug437293
|
# bug437293
|
||||||
%ifarch ppc64
|
%ifarch ppc64
|
||||||
Obsoletes: krb5-64bit
|
Obsoletes: krb5-64bit
|
||||||
@ -52,21 +52,22 @@ Conflicts: krb5-server
|
|||||||
Conflicts: krb5-plugin-kdb-ldap
|
Conflicts: krb5-plugin-kdb-ldap
|
||||||
Conflicts: krb5-plugin-preauth-pkinit
|
Conflicts: krb5-plugin-preauth-pkinit
|
||||||
Conflicts: krb5-plugin-preauth-otp
|
Conflicts: krb5-plugin-preauth-otp
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}.tar.gz
|
||||||
Source1: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz.asc
|
Source1: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}.tar.gz.asc
|
||||||
Source2: krb5.keyring
|
Source2: krb5.keyring
|
||||||
Source3: vendor-files.tar.bz2
|
Source3: vendor-files.tar.bz2
|
||||||
Source4: baselibs.conf
|
Source4: baselibs.conf
|
||||||
Source5: krb5-rpmlintrc
|
Source5: krb5-rpmlintrc
|
||||||
Patch1: krb5-1.12-pam.patch
|
Source6: krb5.tmpfiles
|
||||||
Patch2: krb5-1.9-manpaths.dif
|
Patch1: 0001-krb5-1.12-pam.patch
|
||||||
Patch3: krb5-1.12-buildconf.patch
|
Patch2: 0002-krb5-1.9-manpaths.patch
|
||||||
Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif
|
Patch3: 0003-krb5-1.12-buildconf.patch
|
||||||
Patch6: krb5-1.6.3-ktutil-manpage.dif
|
Patch4: 0004-krb5-1.6.3-gssapi_improve_errormessages.patch
|
||||||
Patch8: krb5-1.12-api.patch
|
Patch5: 0005-krb5-1.6.3-ktutil-manpage.patch
|
||||||
Patch11: krb5-1.12-ksu-path.patch
|
Patch6: 0006-krb5-1.12-api.patch
|
||||||
Patch12: krb5-1.12-selinux-label.patch
|
Patch7: 0007-krb5-1.12-ksu-path.patch
|
||||||
Patch13: krb5-1.9-debuginfo.patch
|
Patch8: 0008-krb5-1.12-selinux-label.patch
|
||||||
|
Patch9: 0009-krb5-1.9-debuginfo.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
PreReq: %fillup_prereq
|
PreReq: %fillup_prereq
|
||||||
|
|
||||||
@ -104,11 +105,11 @@ Include Files for Development
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch11 -p1
|
%patch9 -p1
|
||||||
%patch12 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# needs to be re-generated
|
# needs to be re-generated
|
||||||
@ -118,7 +119,7 @@ autoreconf -fi
|
|||||||
DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
|
DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
|
||||||
./configure \
|
./configure \
|
||||||
CC="%{__cc}" \
|
CC="%{__cc}" \
|
||||||
CFLAGS="$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \
|
CFLAGS="%{optflags} -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \
|
||||||
CPPFLAGS="-I%{_includedir}/et " \
|
CPPFLAGS="-I%{_includedir}/et " \
|
||||||
SS_LIB="-lss" \
|
SS_LIB="-lss" \
|
||||||
--prefix=/usr/lib/mit \
|
--prefix=/usr/lib/mit \
|
||||||
@ -147,25 +148,19 @@ make %{?_smp_mflags}
|
|||||||
cp man/kadmin.man man/kadmin.local.8
|
cp man/kadmin.man man/kadmin.local.8
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
mkdir -p %{buildroot}/%{_localstatedir}/log/krb5
|
||||||
# Where per-user keytabs live by default.
|
%make_install -C src
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/kerberos/krb5/user
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5
|
|
||||||
|
|
||||||
cd src
|
|
||||||
make DESTDIR=%{buildroot} install
|
|
||||||
cd ..
|
|
||||||
# Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks
|
# Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks
|
||||||
# of the buildconf patch already conspire to strip out /usr/<anything> from the
|
# of the buildconf patch already conspire to strip out /usr/<anything> from the
|
||||||
# list of link flags, and it helps prevent file conflicts on multilib systems.
|
# list of link flags, and it helps prevent file conflicts on multilib systems.
|
||||||
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config
|
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' %{buildroot}/usr/lib/mit/bin/krb5-config
|
||||||
|
|
||||||
# install autoconf macro
|
# install autoconf macro
|
||||||
mkdir -p %{buildroot}/%{_datadir}/aclocal
|
mkdir -p %{buildroot}/%{_datadir}/aclocal
|
||||||
install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/
|
install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/
|
||||||
# install sample config files
|
# install sample config files
|
||||||
# I'll probably do something about this later on
|
# I'll probably do something about this later on
|
||||||
mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
|
mkdir -p %{buildroot}%{_sysconfdir}
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d
|
mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d
|
||||||
mkdir -p %{buildroot}/etc/profile.d/
|
mkdir -p %{buildroot}/etc/profile.d/
|
||||||
mkdir -p %{buildroot}/var/log/krb5
|
mkdir -p %{buildroot}/var/log/krb5
|
||||||
@ -176,13 +171,22 @@ mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
|
|||||||
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
|
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
|
||||||
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls
|
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls
|
||||||
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
|
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
|
||||||
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
|
|
||||||
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
|
|
||||||
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
|
|
||||||
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
|
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
|
||||||
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
|
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
|
||||||
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
|
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
|
||||||
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
|
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
|
||||||
|
|
||||||
|
# Do not write directly to /var/lib/kerberos anymore as it breaks transactional
|
||||||
|
# updates. Use systemd-tmpfiles to copy the files there when it doesn't exist
|
||||||
|
install -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d/
|
||||||
|
install -m 644 %{SOURCE6} %{buildroot}/usr/lib/tmpfiles.d/krb5.conf
|
||||||
|
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5kdc
|
||||||
|
# Where per-user keytabs live by default.
|
||||||
|
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5/user
|
||||||
|
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_datadir}/kerberos/krb5kdc/
|
||||||
|
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_datadir}/kerberos/krb5kdc/
|
||||||
|
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_datadir}/kerberos/krb5kdc/
|
||||||
|
|
||||||
# all libs must have permissions 0755
|
# all libs must have permissions 0755
|
||||||
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
|
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
|
||||||
do
|
do
|
||||||
@ -204,9 +208,9 @@ install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb
|
|||||||
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
|
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
|
||||||
%endif
|
%endif
|
||||||
# install sysconfig templates
|
# install sysconfig templates
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_fillupdir}
|
mkdir -p %{buildroot}/%{_fillupdir}
|
||||||
install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/
|
install -m 644 %{vendorFiles}/sysconfig.kadmind %{buildroot}/%{_fillupdir}/
|
||||||
install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/
|
install -m 644 %{vendorFiles}/sysconfig.krb5kdc %{buildroot}/%{_fillupdir}/
|
||||||
# install logrotate files
|
# install logrotate files
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
||||||
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
|
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
|
||||||
@ -239,10 +243,10 @@ install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
|
|||||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||||
rm -f /usr/share/man/man1/tmac.doc*
|
rm -f /usr/share/man/man1/tmac.doc*
|
||||||
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
||||||
# manually remove otp plugin for krb5-mini since configure
|
# manually remove otp, spake and test plugin for krb5-mini since configure
|
||||||
# doesn't support disabling it at build time
|
# doesn't support disabling it at build time
|
||||||
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so
|
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so
|
||||||
# manually remove test plugin since configure doesn't support disabling it at build time
|
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/spake.so
|
||||||
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
||||||
|
|
||||||
%find_lang mit-krb5
|
%find_lang mit-krb5
|
||||||
@ -261,6 +265,7 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%post
|
%post
|
||||||
/sbin/ldconfig
|
/sbin/ldconfig
|
||||||
%service_add_post krb5kdc.service kadmind.service kpropd.service
|
%service_add_post krb5kdc.service kadmind.service kpropd.service
|
||||||
|
%tmpfiles_create krb5.conf
|
||||||
%{fillup_only -n kadmind}
|
%{fillup_only -n kadmind}
|
||||||
%{fillup_only -n krb5kdc}
|
%{fillup_only -n krb5kdc}
|
||||||
%{fillup_only -n kpropd}
|
%{fillup_only -n kpropd}
|
||||||
@ -313,10 +318,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%dir %{_libdir}/krb5/plugins/preauth
|
%dir %{_libdir}/krb5/plugins/preauth
|
||||||
%dir %{_libdir}/krb5/plugins/libkrb5
|
%dir %{_libdir}/krb5/plugins/libkrb5
|
||||||
%dir %{_libdir}/krb5/plugins/tls
|
%dir %{_libdir}/krb5/plugins/tls
|
||||||
%dir %{_localstatedir}/lib/kerberos/
|
|
||||||
%dir %{_localstatedir}/lib/kerberos/krb5kdc
|
|
||||||
%dir %{_localstatedir}/lib/kerberos/krb5
|
|
||||||
%dir %{_localstatedir}/lib/kerberos/krb5/user
|
|
||||||
%attr(0700,root,root) %dir /var/log/krb5
|
%attr(0700,root,root) %dir /var/log/krb5
|
||||||
%dir /usr/lib/mit
|
%dir /usr/lib/mit
|
||||||
%dir /usr/lib/mit/sbin
|
%dir /usr/lib/mit/sbin
|
||||||
@ -326,9 +327,6 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%dir %{_sysconfdir}/krb5.conf.d
|
%dir %{_sysconfdir}/krb5.conf.d
|
||||||
%attr(0644,root,root) %config /etc/profile.d/krb5*
|
%attr(0644,root,root) %config /etc/profile.d/krb5*
|
||||||
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
|
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
|
||||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
|
|
||||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
|
|
||||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
|
|
||||||
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
|
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
|
||||||
%{_fillupdir}/sysconfig.*
|
%{_fillupdir}/sysconfig.*
|
||||||
%{_unitdir}/kadmind.service
|
%{_unitdir}/kadmind.service
|
||||||
@ -345,6 +343,21 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%{_libdir}/libkrad.so.*
|
%{_libdir}/libkrad.so.*
|
||||||
%{_libdir}/krb5/plugins/kdb/*
|
%{_libdir}/krb5/plugins/kdb/*
|
||||||
%{_libdir}/krb5/plugins/tls/*
|
%{_libdir}/krb5/plugins/tls/*
|
||||||
|
%{_libexecdir}/tmpfiles.d/krb5.conf
|
||||||
|
%dir %{_datadir}/kerberos/
|
||||||
|
%dir %{_datadir}/kerberos/krb5kdc
|
||||||
|
%dir %{_datadir}/kerberos/krb5
|
||||||
|
%dir %{_datadir}/kerberos/krb5/user
|
||||||
|
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kdc.conf
|
||||||
|
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.acl
|
||||||
|
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.dict
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/krb5kdc
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/krb5
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/krb5/user
|
||||||
|
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kdc.conf
|
||||||
|
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.acl
|
||||||
|
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.dict
|
||||||
/usr/lib/mit/sbin/kadmin.local
|
/usr/lib/mit/sbin/kadmin.local
|
||||||
/usr/lib/mit/sbin/kadmind
|
/usr/lib/mit/sbin/kadmind
|
||||||
/usr/lib/mit/sbin/kpropd
|
/usr/lib/mit/sbin/kpropd
|
||||||
@ -387,6 +400,7 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%{_mandir}/man5/*
|
%{_mandir}/man5/*
|
||||||
%{_mandir}/man5/.k5login.5.gz
|
%{_mandir}/man5/.k5login.5.gz
|
||||||
%{_mandir}/man5/.k5identity.5*
|
%{_mandir}/man5/.k5identity.5*
|
||||||
|
%{_mandir}/man7/kerberos.7.gz
|
||||||
%{_mandir}/man8/*
|
%{_mandir}/man8/*
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
addFilter("devel-file-in-non-devel-package .*libgssapi_krb5.so")
|
addFilter("devel-file-in-non-devel-package .*libgssapi_krb5.so")
|
||||||
addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5login.5.gz")
|
addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5login.5.gz")
|
||||||
|
addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5identity.5.gz")
|
||||||
addFilter("files-duplicate .*css")
|
addFilter("files-duplicate .*css")
|
||||||
addFilter("files-duplicate .*img.*png")
|
addFilter("files-duplicate .*img.*png")
|
||||||
addFilter("devel-file-in-non-devel-package .*libkdb_ldap.so")
|
addFilter("devel-file-in-non-devel-package .*libkdb_ldap.so")
|
||||||
addFilter("shlib-policy-missing-suffix")
|
addFilter("shlib-policy-missing-suffix")
|
||||||
|
addFilter("non-etc-or-var-file-marked-as-conffile")
|
||||||
|
316
krb5.changes
316
krb5.changes
@ -1,3 +1,74 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Wed Feb 13 17:45:34 UTC 2019 - Jan Engelhardt <jengelh@inai.de>
|
||||||
|
|
||||||
|
- Replace old $RPM_* shell vars
|
||||||
|
|
||||||
|
-------------------------------------------------------------------
|
||||||
|
Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero <scabrero@suse.de>
|
||||||
|
|
||||||
|
- Upgrade to 1.17. Major changes:
|
||||||
|
Administrator experience:
|
||||||
|
* A new Kerberos database module using the Lightning Memory-Mapped
|
||||||
|
Database library (LMDB) has been added. The LMDB KDB module should
|
||||||
|
be more performant and more robust than the DB2 module, and may
|
||||||
|
become the default module for new databases in a future release.
|
||||||
|
* "kdb5_util dump" will no longer dump policy entries when specific
|
||||||
|
principal names are requested.
|
||||||
|
Developer experience:
|
||||||
|
* The new krb5_get_etype_info() API can be used to retrieve enctype,
|
||||||
|
salt, and string-to-key parameters from the KDC for a client
|
||||||
|
principal.
|
||||||
|
* The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise
|
||||||
|
principal names to be used with GSS-API functions.
|
||||||
|
* KDC and kadmind modules which call com_err() will now write to the
|
||||||
|
log file in a format more consistent with other log messages.
|
||||||
|
* Programs which use large numbers of memory credential caches should
|
||||||
|
perform better.
|
||||||
|
Protocol evolution:
|
||||||
|
* The SPAKE pre-authentication mechanism is now supported. This
|
||||||
|
mechanism protects against password dictionary attacks without
|
||||||
|
requiring any additional infrastructure such as certificates. SPAKE
|
||||||
|
is enabled by default on clients, but must be manually enabled on
|
||||||
|
the KDC for this release.
|
||||||
|
* PKINIT freshness tokens are now supported. Freshness tokens can
|
||||||
|
protect against scenarios where an attacker uses temporary access to
|
||||||
|
a smart card to generate authentication requests for the future.
|
||||||
|
* Password change operations now prefer TCP over UDP, to avoid
|
||||||
|
spurious error messages about replays when a response packet is
|
||||||
|
dropped.
|
||||||
|
* The KDC now supports cross-realm S4U2Self requests when used with a
|
||||||
|
third-party KDB module such as Samba's. The client code for
|
||||||
|
cross-realm S4U2Self requests is also now more robust.
|
||||||
|
User experience:
|
||||||
|
* The new ktutil addent -f flag can be used to fetch salt information
|
||||||
|
from the KDC for password-based keys.
|
||||||
|
* The new kdestroy -p option can be used to destroy a credential cache
|
||||||
|
within a collection by client principal name.
|
||||||
|
* The Kerberos man page has been restored, and documents the
|
||||||
|
environment variables that affect programs using the Kerberos
|
||||||
|
library.
|
||||||
|
Code quality:
|
||||||
|
* Python test scripts now use Python 3.
|
||||||
|
* Python test scripts now display markers in verbose output, making it
|
||||||
|
easier to find where a failure occurred within the scripts.
|
||||||
|
* The Windows build system has been simplified and updated to work
|
||||||
|
with more recent versions of Visual Studio. A large volume of
|
||||||
|
unused Windows-specific code has been removed. Visual Studio 2013
|
||||||
|
or later is now required.
|
||||||
|
- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
|
||||||
|
by transactional updates; (bsc#1100126);
|
||||||
|
- Rename patches:
|
||||||
|
* krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
|
||||||
|
* krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
|
||||||
|
* krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
|
||||||
|
* krb5-1.6.3-gssapi_improve_errormessages.dif to
|
||||||
|
0004-krb5-1.6.3-gssapi_improve_errormessages.patch
|
||||||
|
* krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
|
||||||
|
* krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
|
||||||
|
* krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
|
||||||
|
* krb5-1.12-selinux-label.patch => 0008-krb5-1.12-selinux-label.patch
|
||||||
|
* krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 9 20:00:21 UTC 2018 - James McDonough <jmcdonough@suse.com>
|
Tue Oct 9 20:00:21 UTC 2018 - James McDonough <jmcdonough@suse.com>
|
||||||
|
|
||||||
@ -40,11 +111,11 @@ Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com
|
|||||||
Wed Apr 25 21:54:39 UTC 2018 - luizluca@gmail.com
|
Wed Apr 25 21:54:39 UTC 2018 - luizluca@gmail.com
|
||||||
|
|
||||||
- Added support for /etc/krb5.conf.d/ for configuration snippets
|
- Added support for /etc/krb5.conf.d/ for configuration snippets
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 23 13:38:38 UTC 2017 - rbrown@suse.com
|
Thu Nov 23 13:38:38 UTC 2017 - rbrown@suse.com
|
||||||
|
|
||||||
- Replace references to /var/adm/fillup-templates with new
|
- Replace references to /var/adm/fillup-templates with new
|
||||||
%_fillupdir macro (boo#1069468)
|
%_fillupdir macro (boo#1069468)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -210,8 +281,8 @@ Sat Dec 3 13:04:11 UTC 2016 - michael@stroeder.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 14 08:36:06 UTC 2016 - christof.hanke@rzg.mpg.de
|
Mon Nov 14 08:36:06 UTC 2016 - christof.hanke@rzg.mpg.de
|
||||||
|
|
||||||
- add pam configuration file required for ksu
|
- add pam configuration file required for ksu
|
||||||
just use a copy of "su" one from Tumbleweed
|
just use a copy of "su" one from Tumbleweed
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com
|
Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com
|
||||||
@ -224,11 +295,11 @@ Fri Jul 22 08:45:19 UTC 2016 - michael@stroeder.com
|
|||||||
nonexistent policies
|
nonexistent policies
|
||||||
* Fix a rare KDC denial of service vulnerability when anonymous client
|
* Fix a rare KDC denial of service vulnerability when anonymous client
|
||||||
principals are restricted to obtaining TGTs only [CVE-2016-3120]
|
principals are restricted to obtaining TGTs only [CVE-2016-3120]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Jul 2 11:38:54 UTC 2016 - idonmez@suse.com
|
Sat Jul 2 11:38:54 UTC 2016 - idonmez@suse.com
|
||||||
|
|
||||||
- Remove comments breaking post scripts.
|
- Remove comments breaking post scripts.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 30 13:34:29 UTC 2016 - fcrozat@suse.com
|
Thu Jun 30 13:34:29 UTC 2016 - fcrozat@suse.com
|
||||||
@ -591,7 +662,7 @@ Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com
|
Tue Sep 23 13:25:33 UTC 2014 - varkoly@suse.com
|
||||||
|
|
||||||
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
|
- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal
|
||||||
- added patches:
|
- added patches:
|
||||||
* bnc#897874-CVE-2014-5351.diff
|
* bnc#897874-CVE-2014-5351.diff
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -632,7 +703,7 @@ Fri Aug 8 15:55:01 UTC 2014 - ckornacker@suse.com
|
|||||||
|
|
||||||
- buffer overrun in kadmind with LDAP backend
|
- buffer overrun in kadmind with LDAP backend
|
||||||
CVE-2014-4345 (bnc#891082)
|
CVE-2014-4345 (bnc#891082)
|
||||||
krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
|
krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
|
Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
|
||||||
@ -645,7 +716,7 @@ Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sat Jul 19 12:38:21 UTC 2014 - p.drouand@gmail.com
|
Sat Jul 19 12:38:21 UTC 2014 - p.drouand@gmail.com
|
||||||
|
|
||||||
- Do not depend of insserv if systemd is used
|
- Do not depend of insserv if systemd is used
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 10 15:59:52 UTC 2014 - ckornacker@suse.com
|
Thu Jul 10 15:59:52 UTC 2014 - ckornacker@suse.com
|
||||||
@ -716,7 +787,7 @@ Mon Jan 13 15:37:16 UTC 2014 - ckornacker@suse.com
|
|||||||
* krb5-master-gss_oid_leak.patch
|
* krb5-master-gss_oid_leak.patch
|
||||||
- Fix SPNEGO one-hop interop against old IIS
|
- Fix SPNEGO one-hop interop against old IIS
|
||||||
* krb5-master-ignore-empty-unnecessary-final-token.patch
|
* krb5-master-ignore-empty-unnecessary-final-token.patch
|
||||||
- Fix GSS krb5 acceptor acquire_cred error handling
|
- Fix GSS krb5 acceptor acquire_cred error handling
|
||||||
* krb5-master-keytab_close.patch
|
* krb5-master-keytab_close.patch
|
||||||
- Avoid malloc(0) in SPNEGO get_input_token
|
- Avoid malloc(0) in SPNEGO get_input_token
|
||||||
* krb5-master-no-malloc0.patch
|
* krb5-master-no-malloc0.patch
|
||||||
@ -749,7 +820,7 @@ Mon Jun 24 16:21:07 UTC 2013 - mc@suse.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 21 02:12:03 UTC 2013 - crrodriguez@opensuse.org
|
Fri Jun 21 02:12:03 UTC 2013 - crrodriguez@opensuse.org
|
||||||
|
|
||||||
- remove fstack-protector-all from CFLAGS, just use the
|
- remove fstack-protector-all from CFLAGS, just use the
|
||||||
lighter/fast version already present in %optflags
|
lighter/fast version already present in %optflags
|
||||||
|
|
||||||
- Use LFS_CFLAGS to build in 32 bit archs.
|
- Use LFS_CFLAGS to build in 32 bit archs.
|
||||||
@ -788,7 +859,7 @@ Sun Apr 28 17:14:36 CEST 2013 - mc@suse.de
|
|||||||
that failed to load.
|
that failed to load.
|
||||||
* gss_import_sec_context incorrectly set internal state that
|
* gss_import_sec_context incorrectly set internal state that
|
||||||
identifies whether an imported context is from an interposer
|
identifies whether an imported context is from an interposer
|
||||||
mechanism or from the underlying mechanism.
|
mechanism or from the underlying mechanism.
|
||||||
- upstream fix obsolete krb5-lookup_etypes-leak.patch
|
- upstream fix obsolete krb5-lookup_etypes-leak.patch
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -990,7 +1061,7 @@ Tue Aug 23 13:52:03 CEST 2011 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com
|
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com
|
||||||
|
|
||||||
- add patches from Fedora and upstream
|
- add patches from Fedora and upstream
|
||||||
- fix init scripts (bnc#689006)
|
- fix init scripts (bnc#689006)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1028,12 +1099,12 @@ Wed Jan 19 14:42:27 CET 2011 - mc@suse.de
|
|||||||
CVE-2010-4022
|
CVE-2010-4022
|
||||||
- Fix KDC denial of service attacks with LDAP back end
|
- Fix KDC denial of service attacks with LDAP back end
|
||||||
(MITKRB5-SA-2011-002, bnc#663619)
|
(MITKRB5-SA-2011-002, bnc#663619)
|
||||||
CVE-2011-0281, CVE-2011-0282
|
CVE-2011-0281, CVE-2011-0282
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 1 11:44:15 CET 2010 - mc@suse.de
|
Wed Dec 1 11:44:15 CET 2010 - mc@suse.de
|
||||||
|
|
||||||
- Fix multiple checksum handling vulnerabilities
|
- Fix multiple checksum handling vulnerabilities
|
||||||
(MITKRB5-SA-2010-007, bnc#650650)
|
(MITKRB5-SA-2010-007, bnc#650650)
|
||||||
CVE-2010-1324
|
CVE-2010-1324
|
||||||
* krb5 GSS-API applications may accept unkeyed checksums
|
* krb5 GSS-API applications may accept unkeyed checksums
|
||||||
@ -1045,21 +1116,21 @@ Wed Dec 1 11:44:15 CET 2010 - mc@suse.de
|
|||||||
CVE-2010-4020
|
CVE-2010-4020
|
||||||
* krb5 may accept authdata checksums with low-entropy derived keys
|
* krb5 may accept authdata checksums with low-entropy derived keys
|
||||||
CVE-2010-4021
|
CVE-2010-4021
|
||||||
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
|
* krb5 KDC may issue unrequested tickets due to KrbFastReq forgery
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de
|
Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix csh profile (bnc#649856)
|
- fix csh profile (bnc#649856)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de
|
Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- update to krb5-1.8.3
|
- update to krb5-1.8.3
|
||||||
* remove patches which are now upstrem
|
* remove patches which are now upstrem
|
||||||
- krb5-1.7-MITKRB5-SA-2010-004.dif
|
- krb5-1.7-MITKRB5-SA-2010-004.dif
|
||||||
- krb5-1.8.1-gssapi-error-table.dif
|
- krb5-1.8.1-gssapi-error-table.dif
|
||||||
- krb5-MITKRB5-SA-2010-005.dif
|
- krb5-MITKRB5-SA-2010-005.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de
|
Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de
|
||||||
@ -1071,7 +1142,7 @@ Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de
|
|||||||
Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
|
Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix a dereference of an uninitialized pointer while processing
|
- fix a dereference of an uninitialized pointer while processing
|
||||||
authorization data.
|
authorization data.
|
||||||
CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
|
CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1084,12 +1155,12 @@ Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com
|
|||||||
Wed May 19 14:27:19 CEST 2010 - mc@suse.de
|
Wed May 19 14:27:19 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix GSS-API library null pointer dereference
|
- fix GSS-API library null pointer dereference
|
||||||
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
|
CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de
|
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- fix a double free vulnerability in the KDC
|
- fix a double free vulnerability in the KDC
|
||||||
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
|
CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1097,12 +1168,12 @@ Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de
|
|||||||
|
|
||||||
- update to version 1.8.1
|
- update to version 1.8.1
|
||||||
* include krb5-1.8-POST.dif
|
* include krb5-1.8-POST.dif
|
||||||
* include MITKRB5-SA-2010-002
|
* include MITKRB5-SA-2010-002
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de
|
Tue Apr 6 14:14:56 CEST 2010 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.8-POST.dif
|
- update krb5-1.8-POST.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
|
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
|
||||||
@ -1110,17 +1181,17 @@ Tue Mar 23 14:32:41 CET 2010 - mc@suse.de
|
|||||||
- fix a bug where an unauthenticated remote attacker could cause
|
- fix a bug where an unauthenticated remote attacker could cause
|
||||||
a GSS-API application including the Kerberos administration
|
a GSS-API application including the Kerberos administration
|
||||||
daemon (kadmind) to crash.
|
daemon (kadmind) to crash.
|
||||||
CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
|
CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
|
Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
|
||||||
|
|
||||||
- add post 1.8 fixes
|
- add post 1.8 fixes
|
||||||
* Add IPv6 support to changepw.c
|
* Add IPv6 support to changepw.c
|
||||||
* fix two problems in kadm5_get_principal mask handling
|
* fix two problems in kadm5_get_principal mask handling
|
||||||
* Ignore improperly encoded signedpath AD elements
|
* Ignore improperly encoded signedpath AD elements
|
||||||
* handle NT_SRV_INST in service principal referrals
|
* handle NT_SRV_INST in service principal referrals
|
||||||
* dereference options while checking
|
* dereference options while checking
|
||||||
KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
|
KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
|
||||||
* Fix the kpasswd fallback from the ccache principal name
|
* Fix the kpasswd fallback from the ccache principal name
|
||||||
* Document the ticket_lifetime libdefaults setting
|
* Document the ticket_lifetime libdefaults setting
|
||||||
@ -1130,16 +1201,16 @@ Tue Mar 23 12:33:26 CET 2010 - mc@suse.de
|
|||||||
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.8
|
- update to version 1.8
|
||||||
* Increase code quality
|
* Increase code quality
|
||||||
* Move toward improved KDB interface
|
* Move toward improved KDB interface
|
||||||
* Investigate and remedy repeatedly-reported performance
|
* Investigate and remedy repeatedly-reported performance
|
||||||
bottlenecks.
|
bottlenecks.
|
||||||
* Reduce DNS dependence by implementing an interface that allows
|
* Reduce DNS dependence by implementing an interface that allows
|
||||||
client library to track whether a KDC supports service
|
client library to track whether a KDC supports service
|
||||||
principal referrals.
|
principal referrals.
|
||||||
* Disable DES by default
|
* Disable DES by default
|
||||||
* Account lockout for repeated login failures
|
* Account lockout for repeated login failures
|
||||||
* Bridge layer to allow Heimdal HDB modules to act as KDB
|
* Bridge layer to allow Heimdal HDB modules to act as KDB
|
||||||
backend modules
|
backend modules
|
||||||
* FAST enhancements
|
* FAST enhancements
|
||||||
* Microsoft Services for User (S4U) compatibility
|
* Microsoft Services for User (S4U) compatibility
|
||||||
@ -1151,7 +1222,7 @@ Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
|||||||
- fix integer underflow in AES and RC4 decryption
|
- fix integer underflow in AES and RC4 decryption
|
||||||
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
|
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
|
||||||
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
|
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
|
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
|
||||||
|
|
||||||
@ -1171,12 +1242,12 @@ Sun Jul 12 21:36:17 CEST 2009 - coolo@novell.com
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de
|
Wed Jun 3 10:23:42 CEST 2009 - mc@suse.de
|
||||||
|
|
||||||
- update to final 1.7 release
|
- update to final 1.7 release
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.7 Beta2
|
- update to version 1.7 Beta2
|
||||||
* Incremental propagation support for the KDC database.
|
* Incremental propagation support for the KDC database.
|
||||||
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
|
* Flexible Authentication Secure Tunneling (FAST), a preauthentiation
|
||||||
framework that can protect the AS exchange from dictionary attack.
|
framework that can protect the AS exchange from dictionary attack.
|
||||||
@ -1189,7 +1260,7 @@ Wed May 13 11:30:42 CEST 2009 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Feb 16 13:04:26 CET 2009 - mc@suse.de
|
Mon Feb 16 13:04:26 CET 2009 - mc@suse.de
|
||||||
|
|
||||||
- update to pre 1.7 version
|
- update to pre 1.7 version
|
||||||
* Remove support for version 4 of the Kerberos protocol (krb4).
|
* Remove support for version 4 of the Kerberos protocol (krb4).
|
||||||
* New libdefaults configuration variable "allow_weak_crypto".
|
* New libdefaults configuration variable "allow_weak_crypto".
|
||||||
* Client library now follows client principal referrals, for
|
* Client library now follows client principal referrals, for
|
||||||
@ -1218,7 +1289,7 @@ Wed Jan 14 09:21:36 CET 2009 - olh@suse.de
|
|||||||
Thu Dec 11 14:12:57 CET 2008 - mc@suse.de
|
Thu Dec 11 14:12:57 CET 2008 - mc@suse.de
|
||||||
|
|
||||||
- do not query IPv6 addresses if no IPv6 address exists on this host
|
- do not query IPv6 addresses if no IPv6 address exists on this host
|
||||||
[bnc#449143]
|
[bnc#449143]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de
|
||||||
@ -1235,7 +1306,7 @@ Thu Oct 30 12:34:56 CET 2008 - olh@suse.de
|
|||||||
Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de
|
Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de
|
||||||
|
|
||||||
- in case we use ldap as database backend, ldap should be
|
- in case we use ldap as database backend, ldap should be
|
||||||
started before krb5kdc
|
started before krb5kdc
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
|
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
|
||||||
@ -1243,8 +1314,8 @@ Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de
|
|||||||
- add new fixes to post 1.6.3 patch
|
- add new fixes to post 1.6.3 patch
|
||||||
* fix mem leak in krb5_gss_accept_sec_context()
|
* fix mem leak in krb5_gss_accept_sec_context()
|
||||||
* keep minor_status
|
* keep minor_status
|
||||||
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
|
* kadm5_decrypt_key: A ktype of -1 is documented as meaning
|
||||||
"to be ignored"
|
"to be ignored"
|
||||||
* Reject socket fds > FD_SETSIZE
|
* Reject socket fds > FD_SETSIZE
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1261,14 +1332,14 @@ Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de
|
|||||||
|
|
||||||
- add case-insensitive.dif (FATE#300771)
|
- add case-insensitive.dif (FATE#300771)
|
||||||
- minor fixes for ktutil man page
|
- minor fixes for ktutil man page
|
||||||
- reduce rpmlint warnings
|
- reduce rpmlint warnings
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 14 17:44:59 CEST 2008 - mc@suse.de
|
Wed May 14 17:44:59 CEST 2008 - mc@suse.de
|
||||||
|
|
||||||
- Fall back to TCP on kdc-unresolvable/unreachable errors.
|
- Fall back to TCP on kdc-unresolvable/unreachable errors.
|
||||||
- restore valid sequence number before generating requests
|
- restore valid sequence number before generating requests
|
||||||
(fix changing passwords in mixed ipv4/ipv6 enviroments)
|
(fix changing passwords in mixed ipv4/ipv6 enviroments)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
||||||
@ -1279,7 +1350,7 @@ Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de
|
Wed Apr 9 12:04:48 CEST 2008 - mc@suse.de
|
||||||
|
|
||||||
- modify krb5-config to not output rpath and cflags in --libs
|
- modify krb5-config to not output rpath and cflags in --libs
|
||||||
(bnc#378270)
|
(bnc#378270)
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1291,7 +1362,7 @@ Fri Mar 14 11:27:55 CET 2008 - mc@suse.de
|
|||||||
* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
|
* MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
|
||||||
Memory corruption while too many open file descriptors
|
Memory corruption while too many open file descriptors
|
||||||
[bnc#363151]
|
[bnc#363151]
|
||||||
- change default config file. Comment out the examples.
|
- change default config file. Comment out the examples.
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
||||||
@ -1306,12 +1377,12 @@ Fri Dec 14 10:48:52 CET 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 4 16:36:07 CET 2007 - mc@suse.de
|
Tue Dec 4 16:36:07 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- improve GSSAPI error messages
|
- improve GSSAPI error messages
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Nov 6 13:53:17 CET 2007 - mc@suse.de
|
Tue Nov 6 13:53:17 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- add coreutils to PreReq
|
- add coreutils to PreReq
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
|
Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
|
||||||
@ -1327,8 +1398,8 @@ Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de
|
|||||||
Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de
|
Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.6.2-post.dif
|
- update krb5-1.6.2-post.dif
|
||||||
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
* If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that
|
||||||
that the client library will not failover to the next KDC.
|
that the client library will not failover to the next KDC.
|
||||||
[#310540]
|
[#310540]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1338,7 +1409,7 @@ Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de
|
|||||||
* new -S sname option for kvno
|
* new -S sname option for kvno
|
||||||
* read_entropy_from_device on partial read will not fill buffer
|
* read_entropy_from_device on partial read will not fill buffer
|
||||||
* Bail out if encoded "ticket" doesn't decode correctly.
|
* Bail out if encoded "ticket" doesn't decode correctly.
|
||||||
* patch for referrals loop
|
* patch for referrals loop
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
|
Thu Sep 6 10:43:39 CEST 2007 - mc@suse.de
|
||||||
@ -1359,10 +1430,10 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
|
|||||||
|
|
||||||
- add krb5-1.6.2-post.dif
|
- add krb5-1.6.2-post.dif
|
||||||
* during the referrals loop, check to see if the
|
* during the referrals loop, check to see if the
|
||||||
session key enctype of a returned credential for the final
|
session key enctype of a returned credential for the final
|
||||||
service is among the enctypes explicitly selected by the
|
service is among the enctypes explicitly selected by the
|
||||||
application, and retry with old_use_conf_ktypes if it is not.
|
application, and retry with old_use_conf_ktypes if it is not.
|
||||||
* If mkstemp() is available, the new ccache file gets created but
|
* If mkstemp() is available, the new ccache file gets created but
|
||||||
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
the subsequent open(O_CREAT|O_EXCL) call fails because the file
|
||||||
was already created by mkstemp(). Apply patch from Apple to keep
|
was already created by mkstemp(). Apply patch from Apple to keep
|
||||||
the file descriptor open.
|
the file descriptor open.
|
||||||
@ -1371,7 +1442,7 @@ Tue Aug 7 11:56:41 CEST 2007 - mc@suse.de
|
|||||||
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
|
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.6.2
|
- update to version 1.6.2
|
||||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de
|
Thu Jul 5 18:10:28 CEST 2007 - mc@suse.de
|
||||||
@ -1383,7 +1454,7 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de
|
|||||||
|
|
||||||
- update krb5-1.6.1-post.dif
|
- update krb5-1.6.1-post.dif
|
||||||
* fix leak in krb5_walk_realm_tree
|
* fix leak in krb5_walk_realm_tree
|
||||||
* rd_req_decoded needs to deal with referral realms
|
* rd_req_decoded needs to deal with referral realms
|
||||||
* fix buffer overflow in kadmind
|
* fix buffer overflow in kadmind
|
||||||
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
(MITKRB5-SA-2007-005 - CVE-2007-2798)
|
||||||
[#278689]
|
[#278689]
|
||||||
@ -1394,14 +1465,14 @@ Mon Jul 2 11:26:47 CEST 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de
|
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- fix unstripped-binary-or-object rpmlint warning
|
- fix unstripped-binary-or-object rpmlint warning
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
|
Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
|
||||||
|
|
||||||
- fixing rpmlint warnings and errors:
|
- fixing rpmlint warnings and errors:
|
||||||
* merged logrotate scripts kadmin and krb5kdc into a single file
|
* merged logrotate scripts kadmin and krb5kdc into a single file
|
||||||
krb5-server.
|
krb5-server.
|
||||||
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
|
* moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
|
||||||
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
|
from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
|
||||||
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
|
adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
|
||||||
@ -1414,32 +1485,32 @@ Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed May 9 15:30:53 CEST 2007 - mc@suse.de
|
Wed May 9 15:30:53 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- fix uninitialized salt length
|
- fix uninitialized salt length
|
||||||
- add extra check for keytab file
|
- add extra check for keytab file
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu May 3 12:11:29 CEST 2007 - mc@suse.de
|
Thu May 3 12:11:29 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- adding krb5-1.6.1-post.dif
|
- adding krb5-1.6.1-post.dif
|
||||||
* fix segfault in krb5_get_init_creds_password
|
* fix segfault in krb5_get_init_creds_password
|
||||||
* remove debug output in ftp client
|
* remove debug output in ftp client
|
||||||
* profile stores empty string values without double quotes
|
* profile stores empty string values without double quotes
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de
|
Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to final 1.6.1 version
|
- update to final 1.6.1 version
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de
|
Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- add plugin directories to main package
|
- add plugin directories to main package
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de
|
Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.6.1 Beta1
|
- update to version 1.6.1 Beta1
|
||||||
- remove obsolete patches
|
- remove obsolete patches
|
||||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
||||||
- rework compile_pie patch
|
- rework compile_pie patch
|
||||||
|
|
||||||
@ -1466,8 +1537,8 @@ Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 5 11:01:20 CET 2007 - mc@suse.de
|
Mon Mar 5 11:01:20 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- move SuSEFirewall service definitions to
|
- move SuSEFirewall service definitions to
|
||||||
/etc/sysconfig/SuSEfirewall2.d/services
|
/etc/sysconfig/SuSEfirewall2.d/services
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
|
Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
|
||||||
@ -1478,12 +1549,12 @@ Thu Feb 22 11:13:48 CET 2007 - mc@suse.de
|
|||||||
Mon Feb 19 13:59:43 CET 2007 - mc@suse.de
|
Mon Feb 19 13:59:43 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.6-post.dif
|
- update krb5-1.6-post.dif
|
||||||
- move some applications into the right package
|
- move some applications into the right package
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 9 13:31:22 CET 2007 - mc@suse.de
|
Fri Feb 9 13:31:22 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- update krb5-1.6-post.dif
|
- update krb5-1.6-post.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 29 11:27:23 CET 2007 - mc@suse.de
|
Mon Jan 29 11:27:23 CET 2007 - mc@suse.de
|
||||||
@ -1501,16 +1572,16 @@ Tue Jan 23 17:21:12 CET 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de
|
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- krb5-devel should require keyutils-devel
|
- krb5-devel should require keyutils-devel
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de
|
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.6
|
- update to version 1.6
|
||||||
* Major changes in 1.6 include
|
* Major changes in 1.6 include
|
||||||
* Partial client implementation to handle server name referrals.
|
* Partial client implementation to handle server name referrals.
|
||||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
* Pre-authentication plug-in framework, donated by Red Hat.
|
||||||
* LDAP KDB plug-in, donated by Novell.
|
* LDAP KDB plug-in, donated by Novell.
|
||||||
- remove obsolete patches
|
- remove obsolete patches
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1528,14 +1599,14 @@ Wed Jan 10 11:16:30 CET 2007 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
|
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
|
||||||
|
|
||||||
- Fix Requires in krb5-devel
|
- Fix Requires in krb5-devel
|
||||||
[Bug #231008]
|
[Bug #231008]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Nov 6 11:49:39 CET 2006 - mc@suse.de
|
Mon Nov 6 11:49:39 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- fix "local variable used before set" [#217692]
|
- fix "local variable used before set" [#217692]
|
||||||
- fix strncat warning
|
- fix strncat warning
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
|
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
|
||||||
@ -1546,7 +1617,7 @@ Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de
|
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de
|
||||||
|
|
||||||
- fix function call with too few arguments [#203837]
|
- fix function call with too few arguments [#203837]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
|
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
|
||||||
@ -1554,7 +1625,7 @@ Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de
|
|||||||
- update to version 1.5.1
|
- update to version 1.5.1
|
||||||
- remove obsolete patches which are now included upstream
|
- remove obsolete patches which are now included upstream
|
||||||
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
||||||
* trunk-fix-uninitialized-vars.dif
|
* trunk-fix-uninitialized-vars.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
|
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
|
||||||
@ -1566,7 +1637,7 @@ Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de
|
Mon Aug 7 15:54:26 CEST 2006 - mc@suse.de
|
||||||
|
|
||||||
- remove update-messages
|
- remove update-messages
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
|
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
|
||||||
@ -1578,13 +1649,13 @@ Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de
|
|||||||
Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de
|
Mon Jul 3 14:59:35 CEST 2006 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.5
|
- update to version 1.5
|
||||||
* KDB abstraction layer, donated by Novell.
|
* KDB abstraction layer, donated by Novell.
|
||||||
* plug-in architecture, allowing for extension modules to be
|
* plug-in architecture, allowing for extension modules to be
|
||||||
loaded at run-time.
|
loaded at run-time.
|
||||||
* multi-mechanism GSS-API implementation ("mechglue"),
|
* multi-mechanism GSS-API implementation ("mechglue"),
|
||||||
donated by Sun Microsystems
|
donated by Sun Microsystems
|
||||||
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
||||||
implementation, donated by Sun Microsystems
|
implementation, donated by Sun Microsystems
|
||||||
- remove obsolete patches and add some new
|
- remove obsolete patches and add some new
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1598,17 +1669,17 @@ Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de
|
|||||||
|
|
||||||
- add all daemons to %stop_on_removal and %restart_on_update
|
- add all daemons to %stop_on_removal and %restart_on_update
|
||||||
- add reload to kpropd init script
|
- add reload to kpropd init script
|
||||||
- add force-reload to all init scripts
|
- add force-reload to all init scripts
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de
|
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- add libgssapi_krb5.so link to main package [#147912]
|
- add libgssapi_krb5.so link to main package [#147912]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 3 18:17:01 CET 2006 - mc@suse.de
|
Fri Feb 3 18:17:01 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- fix logging section for kadmind in convert script
|
- fix logging section for kadmind in convert script
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
||||||
@ -1618,12 +1689,12 @@ Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de
|
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- change the logging defaults
|
- change the logging defaults
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de
|
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- add tools and README for heimdal => MIT update
|
- add tools and README for heimdal => MIT update
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
|
Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
|
||||||
@ -1634,7 +1705,7 @@ Mon Jan 9 14:41:07 CET 2006 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Jan 3 16:00:13 CET 2006 - mc@suse.de
|
Tue Jan 3 16:00:13 CET 2006 - mc@suse.de
|
||||||
|
|
||||||
- added "make %{?jobs:-j%jobs}"
|
- added "make %{?jobs:-j%jobs}"
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
|
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
|
||||||
@ -1643,33 +1714,33 @@ Fri Nov 18 12:12:01 CET 2005 - mc@suse.de
|
|||||||
* some memmory leaks fixed
|
* some memmory leaks fixed
|
||||||
* fix for "AS_REP padata has wrong enctype"
|
* fix for "AS_REP padata has wrong enctype"
|
||||||
* fix for "AS_REP padata missing PA-ETYPE-INFO"
|
* fix for "AS_REP padata missing PA-ETYPE-INFO"
|
||||||
* ... and more
|
* ... and more
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de
|
Wed Nov 2 21:23:32 CET 2005 - dmueller@suse.de
|
||||||
|
|
||||||
- don't build as root
|
- don't build as root
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de
|
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.4.2
|
- update to version 1.4.2
|
||||||
- remove some obsolet patches
|
- remove some obsolet patches
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de
|
Mon Aug 8 16:07:51 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- build with --disable-static
|
- build with --disable-static
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de
|
Thu Aug 4 16:47:43 CEST 2005 - ro@suse.de
|
||||||
|
|
||||||
- remove devel-static subpackage
|
- remove devel-static subpackage
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de
|
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- better patch for princ_comp problem
|
- better patch for princ_comp problem
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de
|
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de
|
||||||
@ -1688,18 +1759,18 @@ Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de
|
|||||||
- fixed krb5 double free()
|
- fixed krb5 double free()
|
||||||
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
|
[#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
|
||||||
- fix krb5 NULL pointer reference while comparing principals
|
- fix krb5 NULL pointer reference while comparing principals
|
||||||
[#91600]
|
[#91600]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de
|
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- fix uninitialized variables
|
- fix uninitialized variables
|
||||||
- compile with -fPIE/ link with -pie
|
- compile with -fPIE/ link with -pie
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de
|
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed wrong xinetd files [#77149]
|
- fixed wrong xinetd files [#77149]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
|
Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
|
||||||
@ -1710,26 +1781,26 @@ Fri Apr 8 04:55:55 CEST 2005 - mt@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de
|
Thu Apr 7 13:49:37 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed missing descriptions in init files
|
- fixed missing descriptions in init files
|
||||||
[#76164, #76165, #76166, #76169]
|
[#76164, #76165, #76166, #76169]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de
|
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de
|
||||||
|
|
||||||
- enhance $PATH via /etc/profile.d/ [#74018]
|
- enhance $PATH via /etc/profile.d/ [#74018]
|
||||||
- remove the "links to important programs"
|
- remove the "links to important programs"
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de
|
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed not running converter script [#72854]
|
- fixed not running converter script [#72854]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de
|
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
|
- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer
|
||||||
Overflow
|
Overflow
|
||||||
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
|
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer
|
||||||
Overflow
|
Overflow
|
||||||
[#73618]
|
[#73618]
|
||||||
|
|
||||||
@ -1747,38 +1818,38 @@ Tue Mar 15 19:54:58 CET 2005 - mc@suse.de
|
|||||||
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de
|
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- fixed: rckrb5kdc restart gives wrong status with non-running service
|
- fixed: rckrb5kdc restart gives wrong status with non-running service
|
||||||
[#72446]
|
[#72446]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de
|
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
|
- add requires: e2fsprogs-devel to krb5-devel package [#71732]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de
|
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- fix double free [#66534]
|
- fix double free [#66534]
|
||||||
krb5-1.4-fix-error_tables.dif
|
krb5-1.4-fix-error_tables.dif
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de
|
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- change mode for shared libraries to 755
|
- change mode for shared libraries to 755
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Feb 4 16:48:16 CET 2005 - mc@suse.de
|
Fri Feb 4 16:48:16 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- remove spx.c from tarball because of legal risk
|
- remove spx.c from tarball because of legal risk
|
||||||
- add README.Source which tell the user about this
|
- add README.Source which tell the user about this
|
||||||
action.
|
action.
|
||||||
- add a check for spx.c in the spec-file
|
- add a check for spx.c in the spec-file
|
||||||
- use rich-text for update-messages [#50250]
|
- use rich-text for update-messages [#50250]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Feb 1 12:13:45 CET 2005 - mc@suse.de
|
Tue Feb 1 12:13:45 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- add krb5-1.4-reduce-namespace-polution.dif
|
- add krb5-1.4-reduce-namespace-polution.dif
|
||||||
reduce namespace polution in gssapi.h [#50356]
|
reduce namespace polution in gssapi.h [#50356]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
|
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
|
||||||
@ -1800,13 +1871,13 @@ Fri Jan 28 13:25:42 CET 2005 - mc@suse.de
|
|||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de
|
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- add proofreaded update-messages
|
- add proofreaded update-messages
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de
|
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- remove Conflicts: and add Provides:
|
- remove Conflicts: and add Provides:
|
||||||
- add some insserv stuff
|
- add some insserv stuff
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
|
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
|
||||||
@ -1821,13 +1892,13 @@ Thu Jan 13 11:54:01 CET 2005 - mc@suse.de
|
|||||||
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de
|
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de
|
||||||
|
|
||||||
- update to version 1.3.6
|
- update to version 1.3.6
|
||||||
- fix for: heap buffer overflow in libkadm5srv
|
- fix for: heap buffer overflow in libkadm5srv
|
||||||
[CAN-2004-1189 / MITKRB5-SA-2004-004]
|
[CAN-2004-1189 / MITKRB5-SA-2004-004]
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de
|
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de
|
||||||
|
|
||||||
- build doc subpackage in an own specfile
|
- build doc subpackage in an own specfile
|
||||||
- removed unnecessary neededforbuild requirements
|
- removed unnecessary neededforbuild requirements
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
@ -1839,7 +1910,7 @@ Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de
|
|||||||
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de
|
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de
|
||||||
|
|
||||||
- added Conflicts with heimdal*
|
- added Conflicts with heimdal*
|
||||||
- rename some manpages to avoid conflicts
|
- rename some manpages to avoid conflicts
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
|
Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
|
||||||
@ -1853,11 +1924,10 @@ Thu Nov 4 18:03:11 CET 2004 - mc@suse.de
|
|||||||
Wed Nov 3 18:52:07 CET 2004 - mc@suse.de
|
Wed Nov 3 18:52:07 CET 2004 - mc@suse.de
|
||||||
|
|
||||||
- add e2fsprogs to NFB
|
- add e2fsprogs to NFB
|
||||||
- use system-et and system-ss
|
- use system-et and system-ss
|
||||||
- fix includes of com_err.h
|
- fix includes of com_err.h
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de
|
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de
|
||||||
|
|
||||||
- Initital checkin
|
- Initital checkin
|
||||||
|
|
||||||
|
130
krb5.spec
130
krb5.spec
@ -1,7 +1,7 @@
|
|||||||
#
|
#
|
||||||
# spec file for package krb5
|
# spec file for package krb5
|
||||||
#
|
#
|
||||||
# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany.
|
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
|
||||||
#
|
#
|
||||||
# All modifications and additions to the file contributed by third parties
|
# All modifications and additions to the file contributed by third parties
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
# remain the property of their copyright owners, unless otherwise agreed
|
||||||
@ -22,22 +22,22 @@
|
|||||||
%endif
|
%endif
|
||||||
|
|
||||||
Name: krb5
|
Name: krb5
|
||||||
Url: https://web.mit.edu/kerberos/www/
|
Version: 1.17
|
||||||
|
Release: 0
|
||||||
|
Summary: MIT Kerberos5 implementation
|
||||||
|
License: MIT
|
||||||
|
Group: Productivity/Networking/Security
|
||||||
|
URL: https://web.mit.edu/kerberos/www/
|
||||||
|
Obsoletes: krb5-plugin-preauth-pkinit-nss
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
BuildRequires: keyutils
|
BuildRequires: keyutils
|
||||||
BuildRequires: keyutils-devel
|
BuildRequires: keyutils-devel
|
||||||
BuildRequires: libcom_err-devel
|
BuildRequires: libcom_err-devel
|
||||||
BuildRequires: libselinux-devel
|
|
||||||
BuildRequires: ncurses-devel
|
|
||||||
Version: 1.16.1
|
|
||||||
Release: 0
|
|
||||||
Summary: MIT Kerberos5 implementation
|
|
||||||
License: MIT
|
|
||||||
Group: Productivity/Networking/Security
|
|
||||||
Obsoletes: krb5-plugin-preauth-pkinit-nss
|
|
||||||
BuildRequires: libopenssl-devel
|
BuildRequires: libopenssl-devel
|
||||||
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: libverto-devel
|
BuildRequires: libverto-devel
|
||||||
|
BuildRequires: ncurses-devel
|
||||||
BuildRequires: openldap2-devel
|
BuildRequires: openldap2-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
BuildRequires: pkgconfig(systemd)
|
BuildRequires: pkgconfig(systemd)
|
||||||
@ -46,22 +46,23 @@ BuildRequires: pkgconfig(systemd)
|
|||||||
Obsoletes: krb5-64bit
|
Obsoletes: krb5-64bit
|
||||||
%endif
|
%endif
|
||||||
Conflicts: krb5-mini
|
Conflicts: krb5-mini
|
||||||
Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz
|
Source0: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}.tar.gz
|
||||||
Source1: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz.asc
|
Source1: https://web.mit.edu/kerberos/dist/krb5/1.17/krb5-%{version}.tar.gz.asc
|
||||||
Source2: krb5.keyring
|
Source2: krb5.keyring
|
||||||
Source3: vendor-files.tar.bz2
|
Source3: vendor-files.tar.bz2
|
||||||
Source4: baselibs.conf
|
Source4: baselibs.conf
|
||||||
Source5: krb5-rpmlintrc
|
Source5: krb5-rpmlintrc
|
||||||
Source6: ksu-pam.d
|
Source6: ksu-pam.d
|
||||||
Patch1: krb5-1.12-pam.patch
|
Source7: krb5.tmpfiles
|
||||||
Patch2: krb5-1.9-manpaths.dif
|
Patch1: 0001-krb5-1.12-pam.patch
|
||||||
Patch3: krb5-1.12-buildconf.patch
|
Patch2: 0002-krb5-1.9-manpaths.patch
|
||||||
Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif
|
Patch3: 0003-krb5-1.12-buildconf.patch
|
||||||
Patch6: krb5-1.6.3-ktutil-manpage.dif
|
Patch4: 0004-krb5-1.6.3-gssapi_improve_errormessages.patch
|
||||||
Patch8: krb5-1.12-api.patch
|
Patch5: 0005-krb5-1.6.3-ktutil-manpage.patch
|
||||||
Patch11: krb5-1.12-ksu-path.patch
|
Patch6: 0006-krb5-1.12-api.patch
|
||||||
Patch12: krb5-1.12-selinux-label.patch
|
Patch7: 0007-krb5-1.12-ksu-path.patch
|
||||||
Patch13: krb5-1.9-debuginfo.patch
|
Patch8: 0008-krb5-1.12-selinux-label.patch
|
||||||
|
Patch9: 0009-krb5-1.9-debuginfo.patch
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
|
|
||||||
%description
|
%description
|
||||||
@ -129,6 +130,15 @@ Kerberos V5 is a trusted-third-party network authentication system,
|
|||||||
which can improve network security by eliminating the insecure
|
which can improve network security by eliminating the insecure
|
||||||
practice of cleartext passwords. This package includes a OTP plugin.
|
practice of cleartext passwords. This package includes a OTP plugin.
|
||||||
|
|
||||||
|
%package plugin-preauth-spake
|
||||||
|
Summary: SPAKE preauthentication plugin for MIT Kerberos5
|
||||||
|
Group: Productivity/Networking/Security
|
||||||
|
|
||||||
|
%description plugin-preauth-spake
|
||||||
|
Kerberos V5 is a trusted-third-party network authentication system,
|
||||||
|
which can improve network security by eliminating the insecure
|
||||||
|
practice of cleartext passwords. This package includes a SPAKE plugin.
|
||||||
|
|
||||||
%package doc
|
%package doc
|
||||||
Summary: Documentation for the MIT Kerberos5 implementation
|
Summary: Documentation for the MIT Kerberos5 implementation
|
||||||
Group: Documentation/Other
|
Group: Documentation/Other
|
||||||
@ -169,11 +179,11 @@ Include Files for Development
|
|||||||
%patch2 -p1
|
%patch2 -p1
|
||||||
%patch3 -p1
|
%patch3 -p1
|
||||||
%patch4 -p1
|
%patch4 -p1
|
||||||
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
|
%patch7 -p1
|
||||||
%patch8 -p1
|
%patch8 -p1
|
||||||
%patch11 -p1
|
%patch9 -p1
|
||||||
%patch12 -p1
|
|
||||||
%patch13 -p1
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# needs to be re-generated
|
# needs to be re-generated
|
||||||
@ -183,7 +193,7 @@ autoreconf -fi
|
|||||||
DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
|
DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
|
||||||
./configure \
|
./configure \
|
||||||
CC="%{__cc}" \
|
CC="%{__cc}" \
|
||||||
CFLAGS="$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \
|
CFLAGS="%{optflags} -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \
|
||||||
CPPFLAGS="-I%{_includedir}/et " \
|
CPPFLAGS="-I%{_includedir}/et " \
|
||||||
SS_LIB="-lss" \
|
SS_LIB="-lss" \
|
||||||
--prefix=/usr/lib/mit \
|
--prefix=/usr/lib/mit \
|
||||||
@ -202,7 +212,7 @@ DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
|
|||||||
--with-ldap \
|
--with-ldap \
|
||||||
--with-pam \
|
--with-pam \
|
||||||
--enable-pkinit \
|
--enable-pkinit \
|
||||||
--with-pkinit-crypto-impl=openssl \
|
--with-crypto-impl=openssl \
|
||||||
--with-selinux \
|
--with-selinux \
|
||||||
--with-system-et \
|
--with-system-et \
|
||||||
--with-system-ss \
|
--with-system-ss \
|
||||||
@ -214,25 +224,19 @@ make %{?_smp_mflags}
|
|||||||
cp man/kadmin.man man/kadmin.local.8
|
cp man/kadmin.man man/kadmin.local.8
|
||||||
|
|
||||||
%install
|
%install
|
||||||
|
mkdir -p %{buildroot}/%{_localstatedir}/log/krb5
|
||||||
# Where per-user keytabs live by default.
|
%make_install -C src
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/kerberos/krb5/user
|
|
||||||
mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5
|
|
||||||
|
|
||||||
cd src
|
|
||||||
make DESTDIR=%{buildroot} install
|
|
||||||
cd ..
|
|
||||||
# Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks
|
# Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks
|
||||||
# of the buildconf patch already conspire to strip out /usr/<anything> from the
|
# of the buildconf patch already conspire to strip out /usr/<anything> from the
|
||||||
# list of link flags, and it helps prevent file conflicts on multilib systems.
|
# list of link flags, and it helps prevent file conflicts on multilib systems.
|
||||||
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config
|
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' %{buildroot}/usr/lib/mit/bin/krb5-config
|
||||||
|
|
||||||
# install autoconf macro
|
# install autoconf macro
|
||||||
mkdir -p %{buildroot}/%{_datadir}/aclocal
|
mkdir -p %{buildroot}/%{_datadir}/aclocal
|
||||||
install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/
|
install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/
|
||||||
# install sample config files
|
# install sample config files
|
||||||
# I'll probably do something about this later on
|
# I'll probably do something about this later on
|
||||||
mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
|
mkdir -p %{buildroot}%{_sysconfdir}
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d
|
mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d
|
||||||
mkdir -p %{buildroot}/etc/profile.d/
|
mkdir -p %{buildroot}/etc/profile.d/
|
||||||
mkdir -p %{buildroot}/var/log/krb5
|
mkdir -p %{buildroot}/var/log/krb5
|
||||||
@ -243,13 +247,22 @@ mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
|
|||||||
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
|
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
|
||||||
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls
|
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls
|
||||||
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
|
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
|
||||||
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
|
|
||||||
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
|
|
||||||
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
|
|
||||||
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
|
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
|
||||||
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
|
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
|
||||||
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
|
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
|
||||||
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
|
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
|
||||||
|
|
||||||
|
# Do not write directly to /var/lib/kerberos anymore as it breaks transactional
|
||||||
|
# updates. Use systemd-tmpfiles to copy the files there when it doesn't exist
|
||||||
|
install -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d/
|
||||||
|
install -m 644 %{SOURCE7} %{buildroot}/usr/lib/tmpfiles.d/krb5.conf
|
||||||
|
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5kdc
|
||||||
|
# Where per-user keytabs live by default.
|
||||||
|
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5/user
|
||||||
|
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_datadir}/kerberos/krb5kdc/
|
||||||
|
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_datadir}/kerberos/krb5kdc/
|
||||||
|
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_datadir}/kerberos/krb5kdc/
|
||||||
|
|
||||||
# all libs must have permissions 0755
|
# all libs must have permissions 0755
|
||||||
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
|
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
|
||||||
do
|
do
|
||||||
@ -271,13 +284,13 @@ install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb
|
|||||||
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
|
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
|
||||||
%endif
|
%endif
|
||||||
# install sysconfig templates
|
# install sysconfig templates
|
||||||
mkdir -p $RPM_BUILD_ROOT/%{_fillupdir}
|
mkdir -p %{buildroot}/%{_fillupdir}
|
||||||
install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/
|
install -m 644 %{vendorFiles}/sysconfig.kadmind %{buildroot}/%{_fillupdir}/
|
||||||
install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/
|
install -m 644 %{vendorFiles}/sysconfig.krb5kdc %{buildroot}/%{_fillupdir}/
|
||||||
# install logrotate files
|
# install logrotate files
|
||||||
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
||||||
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
|
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
|
||||||
find . -type f -name '*.ps' -exec gzip -9 {} \;
|
find . -type f -name '*.ps' -exec gzip -9 {} +
|
||||||
# create rc* links
|
# create rc* links
|
||||||
mkdir -p %{buildroot}/usr/bin/
|
mkdir -p %{buildroot}/usr/bin/
|
||||||
mkdir -p %{buildroot}/usr/sbin/
|
mkdir -p %{buildroot}/usr/sbin/
|
||||||
@ -329,6 +342,7 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
|
|
||||||
%post server
|
%post server
|
||||||
%service_add_post krb5kdc.service kadmind.service kpropd.service
|
%service_add_post krb5kdc.service kadmind.service kpropd.service
|
||||||
|
%tmpfiles_create krb5.conf
|
||||||
%{fillup_only -n kadmind}
|
%{fillup_only -n kadmind}
|
||||||
%{fillup_only -n krb5kdc}
|
%{fillup_only -n krb5kdc}
|
||||||
%{fillup_only -n kpropd}
|
%{fillup_only -n kpropd}
|
||||||
@ -406,6 +420,7 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%{_unitdir}/kadmind.service
|
%{_unitdir}/kadmind.service
|
||||||
%{_unitdir}/krb5kdc.service
|
%{_unitdir}/krb5kdc.service
|
||||||
%{_unitdir}/kpropd.service
|
%{_unitdir}/kpropd.service
|
||||||
|
%{_libexecdir}/tmpfiles.d/krb5.conf
|
||||||
%else
|
%else
|
||||||
%{_sysconfdir}/init.d/kadmind
|
%{_sysconfdir}/init.d/kadmind
|
||||||
%{_sysconfdir}/init.d/krb5kdc
|
%{_sysconfdir}/init.d/krb5kdc
|
||||||
@ -414,17 +429,24 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%dir %{krb5docdir}
|
%dir %{krb5docdir}
|
||||||
%dir /usr/lib/mit
|
%dir /usr/lib/mit
|
||||||
%dir /usr/lib/mit/sbin
|
%dir /usr/lib/mit/sbin
|
||||||
%dir %{_localstatedir}/lib/kerberos/
|
%dir %{_datadir}/kerberos/
|
||||||
%dir %{_localstatedir}/lib/kerberos/krb5kdc
|
%dir %{_datadir}/kerberos/krb5kdc
|
||||||
%dir %{_localstatedir}/lib/kerberos/krb5
|
%dir %{_datadir}/kerberos/krb5
|
||||||
%dir %{_localstatedir}/lib/kerberos/krb5/user
|
%dir %{_datadir}/kerberos/krb5/user
|
||||||
%dir %{_libdir}/krb5
|
%dir %{_libdir}/krb5
|
||||||
%dir %{_libdir}/krb5/plugins
|
%dir %{_libdir}/krb5/plugins
|
||||||
%dir %{_libdir}/krb5/plugins/kdb
|
%dir %{_libdir}/krb5/plugins/kdb
|
||||||
%dir %{_libdir}/krb5/plugins/tls
|
%dir %{_libdir}/krb5/plugins/tls
|
||||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
|
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kdc.conf
|
||||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
|
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.acl
|
||||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
|
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.dict
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/krb5kdc
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/krb5
|
||||||
|
%ghost %dir %{_sharedstatedir}/kerberos/krb5/user
|
||||||
|
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kdc.conf
|
||||||
|
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.acl
|
||||||
|
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.dict
|
||||||
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
|
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
|
||||||
%{_fillupdir}/sysconfig.*
|
%{_fillupdir}/sysconfig.*
|
||||||
/usr/sbin/rc*
|
/usr/sbin/rc*
|
||||||
@ -489,6 +511,7 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%{_mandir}/man5/k5login.5*
|
%{_mandir}/man5/k5login.5*
|
||||||
%{_mandir}/man1/ksu.1.gz
|
%{_mandir}/man1/ksu.1.gz
|
||||||
%{_mandir}/man1/sclient.1.gz
|
%{_mandir}/man1/sclient.1.gz
|
||||||
|
%{_mandir}/man7/kerberos.7.gz
|
||||||
|
|
||||||
%files plugin-kdb-ldap
|
%files plugin-kdb-ldap
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -518,4 +541,11 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
|
|||||||
%dir %{_libdir}/krb5/plugins/preauth
|
%dir %{_libdir}/krb5/plugins/preauth
|
||||||
%{_libdir}/krb5/plugins/preauth/otp.so
|
%{_libdir}/krb5/plugins/preauth/otp.so
|
||||||
|
|
||||||
|
%files plugin-preauth-spake
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%dir %{_libdir}/krb5
|
||||||
|
%dir %{_libdir}/krb5/plugins
|
||||||
|
%dir %{_libdir}/krb5/plugins/preauth
|
||||||
|
%{_libdir}/krb5/plugins/preauth/spake.so
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
7
krb5.tmpfiles
Normal file
7
krb5.tmpfiles
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
d /var/lib/kerberos 0755 root root -
|
||||||
|
d /var/lib/kerberos/krb5 0755 root root -
|
||||||
|
d /var/lib/kerberos/krb5/user 0755 root root -
|
||||||
|
d /var/lib/kerberos/krb5kdc 0755 root root -
|
||||||
|
C /var/lib/kerberos/krb5kdc/kdc.conf 0600 root root - /usr/share/kerberos/krb5kdc/kdc.conf
|
||||||
|
C /var/lib/kerberos/krb5kdc/kadm5.acl 0600 root root - /usr/share/kerberos/krb5kdc/kadm5.acl
|
||||||
|
C /var/lib/kerberos/krb5kdc/kadm5.dict 0600 root root - /usr/share/kerberos/krb5kdc/kadm5.dict
|
Loading…
Reference in New Issue
Block a user