# # spec file for package krb5 (Version 1.6.1) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild Name: krb5 Version: 1.6.1 Release: 27 BuildRequires: bison libcom_err-devel ncurses-devel %if %{suse_version} > 1010 BuildRequires: keyutils keyutils-devel %endif %define srcRoot krb5-1.6.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/%{name} Provides: heimdal-lib Obsoletes: heimdal-lib Summary: MIT Kerberos5 Implementation--Libraries License: X11/MIT URL: http://web.mit.edu/kerberos/www/ Group: Productivity/Networking/Security Source: krb5-1.6.1.tar.bz2 Source1: vendor-files.tar.bz2 Source2: README.Source Source3: spx.c Source4: EncryptWithMasterKey.c Source5: %{name}-%{version}-rpmlintrc Patch1: krb5-1.5.1-fix-too-few-arguments.dif Patch2: krb5-1.6.1-compile_pie.dif Patch3: krb5-1.4-fix-segfault.dif Patch4: krb5-1.6.1-post.dif Patch6: trunk-EncryptWithMasterKey.dif Patch14: warning-fix-lib-crypto-des.dif Patch15: warning-fix-lib-crypto-dk.dif Patch16: warning-fix-lib-crypto.dif Patch17: warning-fix-lib-crypto-enc_provider.dif Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif Patch20: kprop-use-mkstemp.dif Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif #Patch23: trunk-install-preauth-header.dif Patch24: krb5-1.5.1-fix-strncat-warning.dif Patch25: krb5-1.6.1-init-salt-length.dif Patch26: krb5-1.4.3-extra-check-kt_file.c.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords. Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %package client Summary: MIT Kerberos5 implementation - client programs Group: Productivity/Networking/Security Provides: heimdal-tools, heimdal-x11 Obsoletes: heimdal-tools, heimdal-x11 %description client Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes some required client programs, like kinit, kadmin, ... Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %package server Summary: MIT Kerberos5 implementation - server Group: Productivity/Networking/Security Provides: heimdal Obsoletes: heimdal Requires: perl-Date-Calc PreReq: %insserv_prereq %fillup_prereq %description server Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes the kdc, kadmind and more. Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %package devel Summary: MIT Kerberos5 - Include Files and Libraries Group: Development/Libraries/C and C++ PreReq: %{name} = %{version} Requires: libcom_err-devel %if %{suse_version} > 1010 Requires: keyutils-devel %endif Provides: heimdal-tools-devel, heimdal-devel Obsoletes: heimdal-tools-devel, heimdal-devel %description devel Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes Libraries and Include Files for Development Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %package apps-servers Summary: MIT Kerberos5 server applications Group: Productivity/Networking/Security %description apps-servers Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes some kerberos compatible server applications like ftpd, klogind, telnetd, ... Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %package apps-clients Summary: MIT Kerberos5 client applications Group: Productivity/Networking/Security %description apps-clients Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes some kerberos compatible client applications like ftp, rpc, rlogin, telnet, ... Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ] then echo "spx.c contains potential legal risks." exit 1; else cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c fi %patch1 %patch2 %patch3 %patch4 %patch6 %patch14 %patch15 %patch16 %patch17 %patch18 %patch20 %patch21 %patch22 #%patch23 %patch24 %patch25 %patch26 cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c %build cd src %{?suse_update_config:%{suse_update_config -f}} ./util/reconf CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC " \ ./configure \ --prefix=/usr/lib/mit \ --sysconfdir=%{_sysconfdir} \ --mandir=%{_mandir} \ --infodir=%{_infodir} \ --libexecdir=/usr/lib/mit/sbin \ --libdir=%{_libdir} \ --includedir=%{_includedir} \ --localstatedir=%{_localstatedir}/lib/kerberos \ --enable-shared \ --disable-static \ --enable-kdc-replay-cache \ --enable-dns-for-realm \ --with-system-et \ --with-system-ss make %{?jobs:-j%jobs} #make check %install rm -rf %{buildroot} cd src make DESTDIR=%{buildroot} install cd .. # install sample config files # I'll probably do something about this later on mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc mkdir -p %{buildroot}%{_sysconfdir} mkdir -p %{buildroot}/etc/profile.d/ mkdir -p %{buildroot}/var/log/krb5 mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/ # create plugin directories mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5 install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/ install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind for n in ftpd.8 telnetd.8; do mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n} done for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n} done # all libs must have permissions 0755 for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"` do chmod 0755 ${lib} done # and binaries too chmod 0755 %{buildroot}/usr/lib/mit/bin/v4rcp chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu # install init scripts mkdir -p %{buildroot}%{_sysconfdir}/init.d install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd install -m 755 %{vendorFiles}/krb524d.init %{buildroot}%{_sysconfdir}/init.d/krb524d # install xinetd files mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell # install logrotate files mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server find . -type f -name '*.ps' -exec gzip -9 {} \; # create rc* links mkdir -p %{buildroot}/usr/bin/ ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd ln -sf ../../etc/init.d/krb524d %{buildroot}/usr/bin/rckrb524d # create links for kinit and klist, because of the java ones ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist # install helper scripts install -d -m 755 %{buildroot}/usr/lib/mit/helper install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/usr/lib/mit/helper/heimdal2mit-DumpConvert.pl install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/usr/lib/mit/helper/simple_convert_krb5conf.pl # install doc install -d -m 755 %{buildroot}/%{krb5docdir} install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* rm -rf /usr/lib/mit/share rm -rf %{buildroot}/usr/lib/mit/share ##################################################### # krb5 pre/post/postun ##################################################### %pre # test update from heimdal-lib if `ls usr/lib/libotp.so* 2>/dev/null 1>/dev/null` then # we update from heimdal echo "backup /etc/krb5.conf to /etc/krb5.conf.heimdal" mv etc/krb5.conf etc/krb5.conf.heimdal touch var/adm/fillup-templates/heimdal-update if [ -e etc/krb5.keytab ] then echo "backup /etc/krb5.keytab to /etc/krb5.keytab.heimdal" mv etc/krb5.keytab etc/krb5.keytab.heimdal fi fi %post %run_ldconfig if [ -e var/adm/fillup-templates/heimdal-update ] then /usr/lib/mit/helper/simple_convert_krb5conf.pl rm -f /var/adm/fillup-templates/heimdal-update fi if [ ! -e etc/krb5.conf -a -e etc/krb5.conf.rpmnew ] then echo "moving /etc/krb5.conf.rpmnew to /etc/krb5.conf" mv etc/krb5.conf.rpmnew etc/krb5.conf fi %postun %run_ldconfig ##################################################### # krb5-server preun/postun ##################################################### %preun server %stop_on_removal krb5kdc kadmind kpropd krb524d %postun server %restart_on_update krb5kdc kadmind kpropd krb524d %{insserv_cleanup} %clean rm -rf %{buildroot} ######################################################## # files sections ######################################################## %files %defattr(-,root,root) %dir %{krb5docdir} # add plugin directories %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/libkrb5 %dir /usr/lib/mit/helper # add log directory %attr(0700,root,root) %dir /var/log/krb5 %doc %{krb5docdir}/README /usr/lib/mit/helper/simple_convert_krb5conf.pl %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf %attr(0644,root,root) %config /etc/profile.d/krb5* %{_libdir}/lib*.so.* %{_libdir}/libgssapi_krb5.so %files server %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server %{_sysconfdir}/init.d/kadmind %{_sysconfdir}/init.d/krb5kdc %{_sysconfdir}/init.d/kpropd %{_sysconfdir}/init.d/krb524d %dir %{krb5docdir} %dir /usr/lib/mit %dir /usr/lib/mit/sbin %dir /usr/lib/mit/helper %dir %{_localstatedir}/lib/kerberos/ %dir %{_localstatedir}/lib/kerberos/krb5kdc %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %doc %{krb5docdir}/README.ConvertHeimdalMIT %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict /usr/bin/rc* /usr/lib/mit/sbin/kadmin.local /usr/lib/mit/sbin/kadmind /usr/lib/mit/sbin/kpropd /usr/lib/mit/sbin/kprop /usr/lib/mit/sbin/kdb5_util /usr/lib/mit/sbin/krb5kdc /usr/lib/mit/sbin/krb524d /usr/lib/mit/sbin/EncryptWithMasterKey /usr/lib/mit/helper/heimdal2mit-DumpConvert.pl %{_libdir}/krb5/plugins/kdb/*.so %{_mandir}/man5/kdc.conf.5* %{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmin.local.8* %{_mandir}/man8/kpropd.8* %{_mandir}/man8/kprop.8* %{_mandir}/man8/kdb5_util.8* %{_mandir}/man8/krb5kdc.8* %{_mandir}/man8/krb524d.8* /etc/sysconfig/SuSEfirewall2.d/services/k* %files client %defattr(-,root,root) %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin /usr/lib/mit/bin/kvno /usr/lib/mit/bin/kinit /usr/lib/mit/bin/kdestroy /usr/lib/mit/bin/kpasswd /usr/lib/mit/bin/klist /usr/lib/mit/bin/krb524init /usr/lib/mit/sbin/kadmin /usr/lib/mit/sbin/ktutil /usr/lib/mit/sbin/k5srvutil /usr/bin/kinit /usr/bin/klist %{_mandir}/man1/kvno.1* %{_mandir}/man1/kinit.1* %{_mandir}/man1/krb524init.1* %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* %{_mandir}/man1/kerberos.1* %{_mandir}/man5/krb5.conf.5* %{_mandir}/man5/.k5login.5* %{_mandir}/man8/kadmin.8* %{_mandir}/man8/ktutil.8* %{_mandir}/man8/k5srvutil.8* %files apps-servers %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/xinetd.d/klogin %config(noreplace) %{_sysconfdir}/xinetd.d/kshell %config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet %dir /usr/lib/mit %dir /usr/lib/mit/sbin /usr/lib/mit/sbin/ftpd /usr/lib/mit/sbin/klogind /usr/lib/mit/sbin/kshd /usr/lib/mit/sbin/telnetd /usr/lib/mit/sbin/uuserver /usr/lib/mit/sbin/sserver /usr/lib/mit/sbin/gss-server /usr/lib/mit/sbin/sim_server /usr/lib/mit/sbin/login.krb5 %{_mandir}/man8/kftpd.8* %{_mandir}/man8/klogind.8* %{_mandir}/man8/kshd.8* %{_mandir}/man8/ktelnetd.8* %{_mandir}/man8/sserver.8* %{_mandir}/man8/login.krb5.8* %files apps-clients %defattr(-,root,root) %dir /usr/lib/mit %dir /usr/lib/mit/bin /usr/lib/mit/bin/ftp /usr/lib/mit/bin/rlogin # removed SUID bit, we will rely on su + pam_krb %attr(0755,root,root) /usr/lib/mit/bin/ksu /usr/lib/mit/bin/rcp /usr/lib/mit/bin/rsh /usr/lib/mit/bin/telnet /usr/lib/mit/bin/uuclient /usr/lib/mit/bin/sclient /usr/lib/mit/bin/gss-client /usr/lib/mit/bin/sim_client # removed SUID bit %attr(0755,root,root)/usr/lib/mit/bin/v4rcp %{_mandir}/man1/kftp.1* %{_mandir}/man1/krlogin.1* %{_mandir}/man1/krsh.1* %{_mandir}/man1/ktelnet.1* %{_mandir}/man1/ksu.1* %{_mandir}/man1/krcp.1* %{_mandir}/man1/v4rcp.1* %{_mandir}/man1/sclient.1* %files devel %defattr(-,root,root) %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin /usr/lib/mit/bin/krb5-config %{_libdir}/libdes425.so %{_libdir}/libgssrpc.so %{_libdir}/libk5crypto.so %{_libdir}/libkadm5clnt.so %{_libdir}/libkadm5srv.so %{_libdir}/libkdb5.so %{_libdir}/libkrb4.so %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so %{_includedir}/* /usr/lib/mit/sbin/krb5-send-pr %{_mandir}/man1/krb5-send-pr.1* %{_mandir}/man1/krb5-config.1* %changelog * Thu Jul 05 2007 - mc@suse.de - change requires to libcom_err-devel * Mon Jul 02 2007 - mc@suse.de - update krb5-1.6.1-post.dif * fix leak in krb5_walk_realm_tree * rd_req_decoded needs to deal with referral realms * fix buffer overflow in kadmind (MITKRB5-SA-2007-005 - CVE-2007-2798) [#278689] * fix kadmind code execution bug (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443) [#271191] * Thu Jun 14 2007 - mc@suse.de - fix unstripped-binary-or-object rpmlint warning * Mon Jun 11 2007 - sschober@suse.de - fixing rpmlint warnings and errors: * merged logrotate scripts kadmin and krb5kdc into a single file krb5-server. * moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper. adapted krb5.spec and README.ConvertHeimdalMIT accordingly. * added surpression filter for "devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so" (see [#147912]). * set default runlevel of init scripts in chkconfig line to 3 and 5 * Wed May 09 2007 - mc@suse.de - fix uninitialized salt length - add extra check for keytab file * Thu May 03 2007 - mc@suse.de - adding krb5-1.6.1-post.dif * fix segfault in krb5_get_init_creds_password * remove debug output in ftp client * profile stores empty string values without double quotes * Mon Apr 23 2007 - mc@suse.de - update to final 1.6.1 version * Wed Apr 18 2007 - mc@suse.de - add plugin directories to main package * Mon Apr 16 2007 - mc@suse.de - update to version 1.6.1 Beta1 - remove obsolete patches (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif) - rework compile_pie patch * Wed Apr 11 2007 - mc@suse.de - update krb5-1.6-post.dif * fix kadmind stack overflow in krb5_klog_syslog (MITKRB5-SA-2007-002 - CVE-2007-0957) [#253548] * fix double free attack in the RPC library (MITKRB5-SA-2007-003 - CVE-2007-1216) [#252487] * fix krb5 telnetd login injection (MIT-SA-2007-001 - CVE-2007-0956) [#247765] * Thu Mar 29 2007 - mc@suse.de - add ncurses-devel and bison to BuildRequires - rework some patches * Mon Mar 05 2007 - mc@suse.de - move SuSEFirewall service definitions to /etc/sysconfig/SuSEfirewall2.d/services * Thu Feb 22 2007 - mc@suse.de - add firewall definition to krb5-server, FATE #300687 * Mon Feb 19 2007 - mc@suse.de - update krb5-1.6-post.dif - move some applications into the right package * Fri Feb 09 2007 - mc@suse.de - update krb5-1.6-post.dif * Mon Jan 29 2007 - mc@suse.de - krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif are now upstream. Remove patches. - fix leak in krb5_kt_resolve and krb5_kt_wresolve * Tue Jan 23 2007 - mc@suse.de - fix "local variable used before set" in ftp.c [#237684] * Mon Jan 22 2007 - mc@suse.de - krb5-devel should require keyutils-devel * Mon Jan 22 2007 - mc@suse.de - update to version 1.6 * Major changes in 1.6 include * Partial client implementation to handle server name referrals. * Pre-authentication plug-in framework, donated by Red Hat. * LDAP KDB plug-in, donated by Novell. - remove obsolete patches * Wed Jan 10 2007 - mc@suse.de - fix for kadmind (via RPC library) calls uninitialized function pointer (CVE-2006-6143)(Bug #225990) krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif - fix for kadmind (via GSS-API mechglue) frees uninitialized pointers (CVE-2006-6144)(Bug #225992) krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif * Tue Jan 02 2007 - mc@suse.de - Fix Requires in krb5-devel [Bug #231008] * Mon Nov 06 2006 - mc@suse.de - fix "local variable used before set" [#217692] - fix strncat warning * Fri Oct 27 2006 - mc@suse.de - add a default kadm5.dict file - require $network on daemon start * Wed Sep 13 2006 - mc@suse.de - fix function call with too few arguments [#203837] * Thu Aug 24 2006 - mc@suse.de - update to version 1.5.1 - remove obsolete patches which are now included upstream * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif * trunk-fix-uninitialized-vars.dif * Fri Aug 11 2006 - mc@suse.de - krb5 setuid return check fixes krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif [#182351] * Mon Aug 07 2006 - mc@suse.de - remove update-messages * Mon Jul 24 2006 - mc@suse.de - add check for krb5_prop in services to kpropd init script. [#192446] * Mon Jul 03 2006 - mc@suse.de - update to version 1.5 * KDB abstraction layer, donated by Novell. * plug-in architecture, allowing for extension modules to be loaded at run-time. * multi-mechanism GSS-API implementation ("mechglue"), donated by Sun Microsystems * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") implementation, donated by Sun Microsystems - remove obsolete patches and add some new * Fri May 26 2006 - ro@suse.de - libcom is not in e2fsck-devel but in its own package now, change Requires accordingly. * Mon Mar 27 2006 - mc@suse.de - add all daemons to %%stop_on_removal and %%restart_on_update - add reload to kpropd init script - add force-reload to all init scripts * Mon Mar 13 2006 - mc@suse.de - add libgssapi_krb5.so link to main package [#147912] * Fri Feb 03 2006 - mc@suse.de - fix logging section for kadmind in convert script * Wed Jan 25 2006 - mls@suse.de - converted neededforbuild to BuildRequires * Fri Jan 13 2006 - mc@suse.de - change the logging defaults * Wed Jan 11 2006 - mc@suse.de - add tools and README for heimdal => MIT update * Mon Jan 09 2006 - mc@suse.de - fix build problems, define _GNU_SOURCE (krb5-1.4.3-set_gnu_source.dif ) * Tue Jan 03 2006 - mc@suse.de - added "make %%{?jobs:-j%%jobs}" * Fri Nov 18 2005 - mc@suse.de - update to version 1.4.3 * some memmory leaks fixed * fix for "AS_REP padata has wrong enctype" * fix for "AS_REP padata missing PA-ETYPE-INFO" * ... and more * Wed Nov 02 2005 - dmueller@suse.de - don't build as root * Tue Oct 11 2005 - mc@suse.de - update to version 1.4.2 - remove some obsolet patches * Mon Aug 08 2005 - mc@suse.de - build with --disable-static * Thu Aug 04 2005 - ro@suse.de - remove devel-static subpackage * Thu Jun 30 2005 - mc@suse.de - better patch for princ_comp problem * Mon Jun 27 2005 - mc@suse.de - update to version 1.4.1 - remove obsolet patches - krb5-1.4-gcc4.dif - krb5-1.4-reduce-namespace-polution.dif - krb5-1.4-VUL-0-telnet.dif * Thu Jun 23 2005 - mc@suse.de - fixed krb5 KDC heap corruption by random free [#80574, CAN-2005-1174, MITKRB5-SA-2005-002] - fixed krb5 double free() [#86768, CAN-2005-1689, MITKRB5-SA-2005-003] - fix krb5 NULL pointer reference while comparing principals [#91600] * Fri Jun 17 2005 - mc@suse.de - fix uninitialized variables - compile with -fPIE/ link with -pie * Wed Apr 20 2005 - mc@suse.de - fixed wrong xinetd files [#77149] * Fri Apr 08 2005 - mt@suse.de - removed krb5-1.4-fix-error_tables.dif patch obsoleted by libcom_err locking patches * Thu Apr 07 2005 - mc@suse.de - fixed missing descriptions in init files [#76164, #76165, #76166, #76169] * Wed Mar 30 2005 - mc@suse.de - enhance $PATH via /etc/profile.d/ [#74018] - remove the "links to important programs" * Fri Mar 18 2005 - mc@suse.de - fixed not running converter script [#72854] * Thu Mar 17 2005 - mc@suse.de - Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer Overflow - Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer Overflow [#73618] * Wed Mar 16 2005 - mc@suse.de - fixed wrong PreReqs [#73020] * Tue Mar 15 2005 - mc@suse.de - add a simple krb5.conf converter [#72854] * Mon Mar 14 2005 - mc@suse.de - fixed: rckrb5kdc restart gives wrong status with non-running service [#72446] * Thu Mar 10 2005 - mc@suse.de - add requires: e2fsprogs-devel to krb5-devel package [#71732] * Fri Feb 25 2005 - mc@suse.de - fix double free [#66534] krb5-1.4-fix-error_tables.dif * Fri Feb 11 2005 - mc@suse.de - change mode for shared libraries to 755 * Fri Feb 04 2005 - mc@suse.de - remove spx.c from tarball because of legal risk - add README.Source which tell the user about this action. - add a check for spx.c in the spec-file - use rich-text for update-messages [#50250] * Tue Feb 01 2005 - mc@suse.de - add krb5-1.4-reduce-namespace-polution.dif reduce namespace polution in gssapi.h [#50356] * Fri Jan 28 2005 - mc@suse.de - update to version 1.4 - Add implementation of the RPCSEC_GSS authentication flavor to the RPC library. - Thread safety for krb5 libraries. - Merged Athena telnetd changes for creating a new option for requiring encryption. - The kadmind4 backwards-compatibility admin server and the v5passwdd backwards-compatibility password-changing server have been removed. - Yarrow code now uses AES. - Merged Athena changes to allow ftpd to require encrypted passwords. - Incorporate gss_krb5_set_allowable_enctypes() and gss_krb5_export_lucid_sec_context(), which are needed for NFSv4. - remove obsolet patches * Mon Jan 17 2005 - mc@suse.de - add proofreaded update-messages * Fri Jan 14 2005 - mc@suse.de - remove Conflicts: and add Provides: - add some insserv stuff * Thu Jan 13 2005 - mc@suse.de - move vendor files to vendor-files.tar.bz2 - add obsoletes: heimdal - add %%pre and %%post sections to detect update from heimdal and backup invalid configuration files - add update-messages for heimdal update * Mon Jan 10 2005 - mc@suse.de - update to version 1.3.6 - fix for: heap buffer overflow in libkadm5srv [CAN-2004-1189 / MITKRB5-SA-2004-004] * Tue Dec 14 2004 - mc@suse.de - build doc subpackage in an own specfile - removed unnecessary neededforbuild requirements * Wed Nov 24 2004 - coolo@suse.de - fix build with gcc 4 * Mon Nov 15 2004 - mc@suse.de - added Conflicts with heimdal* - rename some manpages to avoid conflicts * Thu Nov 04 2004 - mc@suse.de - new init scripts - fix logrotate scripts - add some 64Bit fixes - add default krb5.conf, kdc.conf and kadm5.acl * Wed Nov 03 2004 - mc@suse.de - add e2fsprogs to NFB - use system-et and system-ss - fix includes of com_err.h * Thu Oct 28 2004 - mc@suse.de - Initital checkin