%define bootstrap 0
%{?_without_bootstrap: %global bootstrap 0}
%{?_with_bootstrap: %global bootstrap 1}

%define major 3
%define libname %mklibname %name %major

# enable checking after compile
%define enable_check 0
%{?_with_check: %global enable_check 1}

Summary: The Kerberos network authentication system
Name: krb5
Version: 1.15.1
%define subrel 1
Release: %mkrel 2
License: MIT
Group: System/Libraries
URL: http://web.mit.edu/kerberos/www/
Source0: http://web.mit.edu/kerberos/dist/krb5/1.15/%{name}-%{version}.tar.gz
Source1: http://web.mit.edu/kerberos/dist/krb5/1.15/%{name}-%{version}.tar.gz.asc
Source2: kprop.service
Source3: kadmin.service
Source4: krb5kdc.service
Source5: kadmin.sysconfig
Source6: krb5kdc.sysconfig
Source7: kadmin.logrotate
Source8: krb5kdc.logrotate
Source9: krb5.conf
Source10: kdc.conf
Source11: kadm5.acl
Source12: krb5kdc.tmpfile
Source25: krb5-1.10-manpaths.txt
Source29: ksu.pamd
# stolen from fedora
Patch1: krb5-1.12.1-pam.patch
Patch2: krb5-1.15-beta1-selinux-label.patch
Patch3: krb5-1.12-ksu-path.patch
Patch4: krb5-1.12-ktany.patch
Patch5: krb5-1.15-beta1-buildconf.patch
Patch6: krb5-1.3.1-dns.patch
Patch7: krb5-1.12-api.patch
Patch8: krb5-1.13-dirsrv-accountlock.patch
Patch9: krb5-1.9-debuginfo.patch
Patch10: krb5-1.11-run_user_0.patch
Patch11: krb5-1.11-kpasswdtest.patch
Patch12: Build-with-Werror-implicit-int-where-supported.patch
Patch15: Use-fallback-realm-for-GSSAPI-ccache-selection.patch
Patch16: Use-GSSAPI-fallback-skiptest.patch
Patch17: Improve-PKINIT-UPN-SAN-matching.patch
#Patch18: Add-test-cert-generation-to-make-certs.sh.patch
Patch19: Add-PKINIT-UPN-tests-to-t_pkinit.py.patch
Patch20: Deindent-crypto_retrieve_X509_sans.patch
Patch21: Add-certauth-pluggable-interface.patch
Patch22: Prevent-KDC-unset-status-assertion-failures.patch
BuildRequires: flex
BuildRequires: bison
BuildRequires: chrpath
BuildRequires: termcap-devel
BuildRequires: e2fsprogs-devel
BuildRequires: pam-devel
BuildRequires: verto-devel
BuildRequires: python-sphinx
BuildRequires: texlive
BuildRequires: texlive-dist
BuildRequires: openssl-devel
BuildRequires: yasm
%if %enable_check
BuildRequires: dejagnu
%endif
BuildRequires: multiarch-utils >= 1.0.3
%if !%bootstrap
BuildRequires: openldap-devel
%endif

%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.

%package -n %{libname}-devel
Summary: Development files needed for compiling Kerberos 5 programs
Group: Development/Other
Requires: %{libname} = %{version}
Provides: krb-devel = %{version}-%{release}
Provides: krb5-devel = %{version}-%{release}
Provides: libkrb-devel

%description -n %{libname}-devel
Kerberos is a network authentication system. The krb5-devel package
contains the header files and libraries needed for compiling Kerberos
5 programs. If you want to develop Kerberos-aware programs, you'll
need to install this package.

%package -n %{libname}
Summary: The shared libraries used by Kerberos 5
Group: System/Libraries
Provides: krb5-libs = %{version}-%{release}
# we need the conf file, and better make sure it's a recent version
# for example, previous MIT kerberos versions didn't have ldap support,
# and this is specified in the conf file
Requires: %{name} >= %{version}

%description -n %{libname}
Kerberos is a network authentication system. The krb5-libs package
contains the shared libraries needed by Kerberos 5. If you're using
Kerberos, you'll need to install this package.

%package server
Group: System/Servers
Summary: The server programs for Kerberos 5
Requires: %{libname} = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper
Requires: libverto-module-base

%description server
Kerberos is a network authentication system. The krb5-server package
contains the programs that must be installed on a Kerberos 5 server.
If you're installing a Kerberos 5 server, you need to install this
package (in other words, most people should NOT install this
package).

%package server-ldap
Group: System/Servers
Summary: The LDAP storage plugin for the Kerberos 5 KDC
Requires: %{name}-server = %{version}-%{release}

%description server-ldap
Kerberos is a network authentication system. The krb5-server package
contains the programs that must be installed on a Kerberos 5 key
distribution center (KDC). If you are installing a Kerberos 5 KDC,
and you wish to use a directory server to store the data for your
realm, you need to install this package.

%package workstation
Summary: Kerberos 5 programs for use on workstations
Group: System/Base
Requires: %{libname} = %{version}-%{release}
Requires(post): rpm-helper
Requires(preun): rpm-helper
Provides: kerberos-workstation

%description workstation
Kerberos is a network authentication system. The krb5-workstation
package contains the basic Kerberos programs (kinit, klist, kdestroy,
kpasswd). If your network uses Kerberos, this package should be
installed on every workstation.

%package pkinit-openssl
Summary: The PKINIT module for Kerberos 5
Group: System/Libraries
Requires: %{name}-libs = %{version}-%{release}

%description pkinit-openssl
Kerberos is a network authentication system. The krb5-pkinit-openssl
package contains the PKINIT plugin, which uses OpenSSL to allow clients
to obtain initial credentials from a KDC using a private key and a
certificate.

%prep
%setup -q
%autopatch -p1

# Take the execute bit off of documentation.
chmod -x doc/ccapi/*.html

sed -i s,^attributetype:,attributetypes:,g \
    src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif

pushd src
autoreconf

%build
%serverbuild
pushd src
# Work out the CFLAGS and CPPFLAGS which we intend to use.
INCLUDES=-I%{_includedir}/et
CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC`"
CPPFLAGS="`echo $DEFINES $INCLUDES`"
%configure2_5x \
    CC="%{__cc}" \
    CFLAGS="$CFLAGS" \
    CPPFLAGS="$CPPFLAGS" \
    --enable-shared \
    --localstatedir=%{_localstatedir}/lib \
    --disable-rpath \
    --disable-static \
    --without-tcl \
    --with-system-et \
    --with-system-ss \
    --with-system-verto \
    --enable-dns-for-realm \
%if !%bootstrap
    --with-ldap \
%endif
    --with-dirsrv-account-locking \
    --enable-pkinit \
    --with-pkinit-crypto-impl=openssl \
    --with-tls-impl=openssl \
    --with-pam \
    --without-selinux \
    --with-prng-alg=os

# parallel build causes troubles on build host
make
popd

# Build the docs.
make -C src/doc paths.py version.py
cp src/doc/paths.py doc/
mkdir -p build-man build-html build-pdf
sphinx-build -a -b man -t pathsubs doc build-man
sphinx-build -a -b html -t pathsubs doc build-html
rm -fr build-html/_sources
sphinx-build -a -b latex -t pathsubs doc build-pdf

# Build the PDFs if we didn't have pre-built ones.
for pdf in admin appdev basic build plugindev user ; do
    test -s build-pdf/$pdf.pdf || make -C build-pdf
done

# new krb5-%{version}-pdf
tar -cf "krb5-%{version}-pdfs.tar.new" build-pdf/*.pdf

%install
# Sample KDC config files (bundled kdc.conf and kadm5.acl)
install -d -m 755 %{buildroot}%{_localstatedir}/lib/krb5kdc
install -m 600 %{SOURCE10} %{buildroot}%{_localstatedir}/lib/krb5kdc/kdc.conf
install -m 600 %{SOURCE11} %{buildroot}%{_localstatedir}/lib/krb5kdc/kadm5.acl

# Where per-user keytabs live by default.
install -d -m 755 %{buildroot}%{_localstatedir}/lib/krb5/user

# Default configuration file for everything
install -d -m 755 %{buildroot}%{_sysconfdir}
install -m 644 %{SOURCE9} %{buildroot}%{_sysconfdir}/krb5.conf

# Parent of configuration file for list of loadable GSS mechs ("mechs"). This
# location is not relative to sysconfdir, but is hard-coded in g_initialize.c.
install -d -m 755 %{buildroot}%{_sysconfdir}/gss

# Parent of groups of configuration files for a list of loadable GSS mechs
# ("mechs"). This location is not relative to sysconfdir, and is also
# hard-coded in g_initialize.c.
install -d -m 755 %{buildroot}%{_sysconfdir}/gss/mech.d

install -d -m 755 %{buildroot}%{_unitdir}
install -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/kprop.service
install -m 644 %{SOURCE3} %{buildroot}%{_unitdir}/kadmin.service
install -m 644 %{SOURCE4} %{buildroot}%{_unitdir}/krb5kdc.service

install -d -m 755 %{buildroot}%{_tmpfilesdir}
install -m 644 %{SOURCE12} %{buildroot}/%{_tmpfilesdir}/krb5kdc.conf

# sysconfig configuration files
install -d -m 755 %{buildroot}%{_sysconfdir}/sysconfig
install -m 644 %{SOURCE5} %{buildroot}%{_sysconfdir}/sysconfig/kadmin
install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/sysconfig/krb5kdc

# logrotate configuration files
install -d -m 755 %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{SOURCE7} %{buildroot}%{_sysconfdir}/logrotate.d/kadmin
install -m 644 %{SOURCE8} %{buildroot}%{_sysconfdir}/logrotate.d/krb5kdc

# PAM configuration files
install -d -m 755 %{buildroot}%{_sysconfdir}/pam.d
install -m 644 %{SOURCE29} %{buildroot}%{_sysconfdir}/pam.d/ksu

# Plug-in directories.
install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/preauth
install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/kdb
install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/authdata

# The rest of the binaries, headers, libraries, and docs.
make -C src \
    DESTDIR=%{buildroot} \
    EXAMPLEDIR=%{_docdir}/%{libname}-devel/examples\
    install

# logdir
install -d %{buildroot}%{_localstatedir}/log/kerberos

# clear the LDFLAGS
perl -pi -e "s|^LDFLAGS.*|LDFLAGS=''|g" %{buildroot}%{_bindir}/krb5-config

# multiarch policy
%multiarch_binaries %{buildroot}%{_bindir}/krb5-config
%multiarch_includes %{buildroot}%{_includedir}/gssapi/gssapi.h
# (gb) this one could be fixed differently and properly using <stdint.h>
%multiarch_includes %{buildroot}%{_includedir}/gssrpc/types.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/k5-config.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/autoconf.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/osconf.h
%multiarch_includes %{buildroot}%{_includedir}/krb5.h

# Install processed man pages.
for section in 1 5 8; do
    install -m 644 build-man/*.$section %{buildroot}%{_mandir}/man$section/
done

%if %bootstrap
rm -f %{buildroot}%{_mandir}/man8/kdb5_ldap_util.8*
%endif

%find_lang mit-krb5

%post server
%_post_service krb5kdc
%_post_service kadmin
%_post_service kprop

%preun server
%_preun_service krb5kdc
%_preun_service kadmin
%_preun_service kprop

%files -f mit-krb5.lang
%doc README
%dir %{_sysconfdir}/gss
%dir %{_sysconfdir}/gss/mech.d
%config(noreplace) %{_sysconfdir}/krb5.conf
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man5/.k5identity.5*
%{_mandir}/man5/k5login.5*
%{_mandir}/man5/k5identity.5*
%dir %{_var}/lib/krb5
%dir %{_var}/lib/krb5/user

%files workstation
%doc src/config-files/services.append
%doc build-html/*
%doc build-pdf/user.pdf build-pdf/basic.pdf
%attr(0755,root,root) %doc src/config-files/convert-config-files
%{_bindir}/kdestroy
%{_mandir}/man1/kdestroy.1*
%{_bindir}/kinit
%{_mandir}/man1/kinit.1*
%{_bindir}/klist
%{_mandir}/man1/klist.1*
%{_bindir}/kpasswd
%{_mandir}/man1/kpasswd.1*
%{_bindir}/kswitch
%{_mandir}/man1/kswitch.1*
%{_bindir}/kvno
%{_mandir}/man1/kvno.1*
%{_bindir}/kadmin
%{_mandir}/man1/kadmin.1*
%{_bindir}/k5srvutil
%{_mandir}/man1/k5srvutil.1*
%{_bindir}/ktutil
%{_mandir}/man1/ktutil.1*
%attr(4755,root,root) %{_bindir}/ksu
%{_mandir}/man1/ksu.1*
%config(noreplace) /etc/pam.d/ksu
# Problem-reporting tool
%{_sbindir}/krb5-send-pr

%files server
%doc build-pdf/admin.pdf build-pdf/build.pdf
%{_unitdir}/krb5kdc.service
%{_unitdir}/kadmin.service
%{_unitdir}/kprop.service
%{_tmpfilesdir}/krb5kdc.conf
%config(noreplace) %{_sysconfdir}/sysconfig/krb5kdc
%config(noreplace) %{_sysconfdir}/sysconfig/kadmin
%config(noreplace) %{_sysconfdir}/logrotate.d/kadmin
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5kdc
%dir %{_localstatedir}/log/kerberos
%dir %{_localstatedir}/lib/krb5kdc
%config(noreplace) %{_localstatedir}/lib/krb5kdc/kdc.conf
%config(noreplace) %{_localstatedir}/lib/krb5kdc/kadm5.acl
%{_mandir}/man5/kadm5.acl.5*
%{_mandir}/man5/kdc.conf.5*
%{_sbindir}/kadmin.local
%{_mandir}/man8/kadmin.local.8*
%{_sbindir}/kadmind
%{_mandir}/man8/kadmind.8*
%{_sbindir}/kdb5_util
%{_mandir}/man8/kdb5_util.8*
%if !%bootstrap
%{_sbindir}/kdb5_ldap_util
%{_mandir}/man8/kdb5_ldap_util.8*
%endif
%{_sbindir}/kprop
%{_mandir}/man8/kprop.8*
%{_sbindir}/kpropd
%{_mandir}/man8/kpropd.8*
%{_sbindir}/kproplog
%{_mandir}/man8/kproplog.8*
%{_sbindir}/krb5kdc
%{_mandir}/man8/krb5kdc.8*
%{_sbindir}/sim_server
# This is here for people who want to test their server. It was formerly also
# included in -devel.
%{_bindir}/sclient
%{_mandir}/man1/sclient.1*
%{_sbindir}/sserver
%{_mandir}/man8/sserver.8*
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/authdata
%dir %{_libdir}/krb5/plugins/tls
%{_libdir}/krb5/plugins/preauth/otp.so
%{_libdir}/krb5/plugins/preauth/test.so
%{_libdir}/krb5/plugins/tls/k5tls.so

%files -n %{libname}
%{_libdir}/libgssapi_krb5.so.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrad.so.*
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/*
%{_libdir}/krb5/plugins/kdb/db2.so

%files -n %{libname}-devel
%doc build-pdf/appdev.pdf build-pdf/plugindev.pdf
%doc %{_docdir}/%{libname}-devel
%multiarch %{multiarch_bindir}/krb5-config
%multiarch %{multiarch_includedir}/gssapi/gssapi.h
%multiarch %{multiarch_includedir}/gssrpc/types.h
%multiarch %{multiarch_includedir}/krb5.h
%{_includedir}/*.h
%{_includedir}/gssapi
%{_includedir}/gssrpc
%{_includedir}/kadm5
%{_includedir}/krb5
%{_bindir}/krb5-config
%{_libdir}/libgssapi_krb5.so
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_libdir}/libkrad.so
%{_mandir}/man1/krb5-config.1*
%{_libdir}/pkgconfig/*
# Protocol test clients
%{_bindir}/sim_client
%{_bindir}/gss-client
%{_bindir}/uuclient
# Protocol test servers
%{_sbindir}/gss-server
%{_sbindir}/uuserver
%{_mandir}/man5/.k5login.5*
%{_mandir}/man5/krb5.conf.5*

%files pkinit-openssl
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/preauth
%{_libdir}/krb5/plugins/preauth/pkinit.so

%files server-ldap
%doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
%doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%if !%bootstrap
%{_libdir}/krb5/plugins/kdb/kldap.so
%{_libdir}/libkdb_ldap.so
%{_libdir}/libkdb_ldap.so.*
%{_sbindir}/kdb5_ldap_util
%endif

%changelog
* Thu Jul 27 2017 luigiwalser <luigiwalser> 1.15.1-2.1.mga6
+ Revision: 1131369
- add patch from fedora to fix CVE-2017-11368

* Mon Apr 24 2017 guillomovitch <guillomovitch> 1.15.1-2.mga6
+ Revision: 1097262
- don't include non-existing directory in default configuration file

* Sun Apr 09 2017 luigiwalser <luigiwalser> 1.15.1-1.mga6
+ Revision: 1096201
- 1.15.1
- sync patches with fedora (except binary patch)

* Mon Feb 13 2017 guillomovitch <guillomovitch> 1.15-1.mga6
+ Revision: 1086052
- new version 1.15 switch to kernel keyring credentials for default

* Fri Nov 11 2016 luigiwalser <luigiwalser> 1.14.4-1.mga6
+ Revision: 1066612
- 1.14.4
- resync patches with fedora

* Thu Aug 11 2016 luigiwalser <luigiwalser> 1.14.3-1.mga6
+ Revision: 1045555
- 1.14.3
- remove upstreamed patches

* Mon Aug 08 2016 luigiwalser <luigiwalser> 1.14.2-3.mga6
+ Revision: 1045002
- add patch from fedora to fix CVE-2016-3120

* Tue Jun 28 2016 luigiwalser <luigiwalser> 1.14.2-2.mga6
+ Revision: 1038041
- add patch from fedora to fix recv() size calculation in libkrad

* Mon May 09 2016 luigiwalser <luigiwalser> 1.14.2-1.mga6
+ Revision: 1011438
- 1.14.2
- remove upstream CVE-2016-3119 patch

* Wed Mar 23 2016 luigiwalser <luigiwalser> 1.14.1-1.mga6
+ Revision: 994631
- 1.14.1
- remove upstream CVE patches
- add patch from fedora to fix CVE-2016-3119

* Wed Mar 02 2016 umeabot <umeabot> 1.14-3.mga6
+ Revision: 983552
- Rebuild for openssl

* Fri Jan 29 2016 luigiwalser <luigiwalser> 1.14-2.mga6
+ Revision: 928991
- add patches from fedora to fix CVE-2015-8629, CVE-2015-863[01] and
  world-readable krb5kdc.log

* Tue Nov 24 2015 guillomovitch <guillomovitch> 1.14-1.mga6
+ Revision: 905869
- new version

* Mon Nov 09 2015 luigiwalser <luigiwalser> 1.12.2-12.mga6
+ Revision: 900094
- add patch from fedora to fix CVE-2015-2698

* Tue Nov 03 2015 luigiwalser <luigiwalser> 1.12.2-11.mga6
+ Revision: 897564
- add patches from fedora to fix CVE-2015-269[5-7]

* Mon Sep 28 2015 blino <blino> 1.12.2-10.mga6
+ Revision: 884333
- fix packaging examples in devel package doc

* Fri Aug 21 2015 tmb <tmb> 1.12.2-9.mga6
+ Revision: 867528
- rebuild for new gcc

* Wed May 06 2015 luigiwalser <luigiwalser> 1.12.2-8.mga5
+ Revision: 821332
- add patch from fedora to fix CVE-2015-2694

* Fri Mar 20 2015 luigiwalser <luigiwalser> 1.12.2-7.mga5
+ Revision: 819032
- add upstream patch to fix CVE-2014-5355

* Wed Feb 04 2015 luigiwalser <luigiwalser> 1.12.2-6.mga5
+ Revision: 813452
- add upstream patch to fix CVE-2014-5352 and CVE-2014-942[1-3]

* Tue Dec 16 2014 luigiwalser <luigiwalser> 1.12.2-5.mga5
+ Revision: 803595
- add upstream patches to fix CVE-2014-5353 and CVE-2014-5354

* Mon Nov 17 2014 luigiwalser <luigiwalser> 1.12.2-4.mga5
+ Revision: 797643
- add patch from fedora to fix CVE-2014-5351

* Wed Oct 15 2014 umeabot <umeabot> 1.12.2-3.mga5
+ Revision: 747025
- Second Mageia 5 Mass Rebuild

* Tue Sep 16 2014 umeabot <umeabot> 1.12.2-2.mga5
+ Revision: 681190
- Mageia 5 Mass Rebuild

* Sat Aug 16 2014 luigiwalser <luigiwalser> 1.12.2-1.mga5
+ Revision: 664028
- 1.12.2
- remove upstreamed patch 56
- remove upstreamed CVE patches

* Fri Aug 08 2014 luigiwalser <luigiwalser> 1.12.1-2.mga5
+ Revision: 661172
- add patches from fedora to fix CVE-2014-434[1-5]

* Tue Feb 04 2014 guillomovitch <guillomovitch> 1.12.1-1.mga5
+ Revision: 580534
- new version 1.12.1

* Fri Nov 15 2013 guillomovitch <guillomovitch> 1.11.4-1.mga4
+ Revision: 551376
- new version 1.11.4

* Mon Oct 21 2013 umeabot <umeabot> 1.11.3-3.mga4
+ Revision: 537829
- Mageia 4 Mass Rebuild

* Fri Sep 27 2013 nanardon <nanardon> 1.11.3-2.mga4
+ Revision: 487852
- buildrequires
- rebuild (missing in x86_64)

* Wed Jun 05 2013 guillomovitch <guillomovitch> 1.11.3-1.mga4
+ Revision: 437706
- new version

* Wed May 29 2013 guillomovitch <guillomovitch> 1.11.2-2.mga4
+ Revision: 429859
- add explicit dependency on libverto-module-base for server subpackage (#10307)

* Fri May 24 2013 guillomovitch <guillomovitch> 1.11.2-1.mga4
+ Revision: 426099
- new version

* Tue May 14 2013 oden <oden> 1.11.1-2.mga4
+ Revision: 413117
- P106: security fix for CVE-2002-2443 (upstream)

* Mon Feb 25 2013 guillomovitch <guillomovitch> 1.11.1-1.mga3
+ Revision: 400305
- new version

* Sat Jan 12 2013 umeabot <umeabot> 1.11-3.mga3
+ Revision: 356461
- Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild

* Wed Jan 02 2013 guillomovitch <guillomovitch> 1.11-2.mga3
+ Revision: 337655
- ldap support is back

* Wed Jan 02 2013 guillomovitch <guillomovitch> 1.11-1.mga3
+ Revision: 337601
- disable ldap support temporarily, in order to be able to install verto-devel
- new version

* Tue Oct 16 2012 guillomovitch <guillomovitch> 1.10.3-2.mga3
+ Revision: 307137
- drop portreserve support, because of its marginal usefulness

* Fri Sep 07 2012 luigiwalser <luigiwalser> 1.10.3-1.mga3
+ Revision: 289609
- 1.10.3

* Wed Aug 01 2012 luigiwalser <luigiwalser> 1.10.2-3.mga3
+ Revision: 277685
- add upstream patch to fix CVE-2012-1014 and CVE-2012-1015

* Thu Jul 05 2012 guillomovitch <guillomovitch> 1.10.2-2.mga3
+ Revision: 267906
- use /var/lib/krb5kdc as database directory
- force usage of builtin libverto, to fix chicken-and-egg issue

  + luigiwalser <luigiwalser>
    - fix paths in kadmin and kprop service files

* Wed Jun 27 2012 guillomovitch <guillomovitch> 1.10.2-1.mga3
+ Revision: 264466
- new version
- sync patch set with fedora
- add systemd support
- drop sysinit support

* Fri Jun 15 2012 luigiwalser <luigiwalser> 1.9.2-3.mga3
+ Revision: 260854
- add upstream patch to fix CVE-2012-1013

* Mon Jan 02 2012 dmorgan <dmorgan> 1.9.2-2.mga2
+ Revision: 189535
- Add fix for CVE-2011-1530

* Thu Nov 03 2011 guillomovitch <guillomovitch> 1.9.2-1.mga2
+ Revision: 162139
- new version
- new version
- drop old obsoletes tags from spec file

* Tue May 03 2011 saispo <saispo> 1.8.3-5.mga1
+ Revision: 94391
- Sync Advisories for 2010 and 2011

  + rtp <rtp>
    - allow to break openldap <-> krb circular build require

* Sun Jan 09 2011 blino <blino> 1.8.3-4.mga1
+ Revision: 3724
- remove old conflicts and ldconfig scriptlets
- imported package krb5

* Wed Dec 01 2010 Oden Eriksson <oeriksson@mandriva.com> 1.8.3-3mdv2011.0
+ Revision: 604377
- sync with MDVSA-2010:246

* Wed Oct 13 2010 Oden Eriksson <oeriksson@mandriva.com> 1.8.3-2mdv2011.0
+ Revision: 585393
- P72: security fix for CVE-2010-1322

* Sat Aug 07 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.8.3-1mdv2011.0
+ Revision: 567296
- new version

* Sat Jul 17 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.8.2-1mdv2011.0
+ Revision: 554668
- new version

* Wed May 19 2010 Oden Eriksson <oeriksson@mandriva.com> 1.8.1-5mdv2010.1
+ Revision: 545370
- P73: security fix for CVE-2010-1321

* Thu May 06 2010 Oden Eriksson <oeriksson@mandriva.com> 1.8.1-4mdv2010.1
+ Revision: 542828
- clear the LDFLAGS in krb5-config

  + Guillaume Rousse <guillomovitch@mandriva.org>
    - don't include libkdb_ldap.so in devel package (fix #59081)

* Wed Apr 28 2010 Antoine Ginies <aginies@mandriva.com> 1.8.1-2mdv2010.1
+ Revision: 540120
- bump release to be able to rebuild (ftp and telnet client are in the wrong
  version in repository)

* Tue Apr 27 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.8.1-1mdv2010.1
+ Revision: 539500
- new version
- sync with fedora spec, for easier maintenance
- drop lot of obsoletes stuff
- drop conditional krb4 support

* Tue Apr 13 2010 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-15mdv2010.1
+ Revision: 534516
- P35: security fix for CVE-2010-0629 (redhat)

* Tue Apr 06 2010 Funda Wang <fwang@mandriva.org> 1.6.3-14mdv2010.1
+ Revision: 532108
- add fedora patch to build with openssl 1.0
- fix linkage when using configure2_5x
- rebuild for new openssl

* Fri Feb 26 2010 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-13mdv2010.1
+ Revision: 511585
- rebuilt against openssl-0.9.8m

* Thu Jan 14 2010 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-12mdv2010.1
+ Revision: 491077
- P34: security fix for CVE-2009-4212

* Wed Jan 13 2010 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-11mdv2010.1
+ Revision: 491023
- revert to 1.6.3

  + Zombie Ryushu <ryushu@mandriva.org>
    - Upgrade to 1.7
    - Upgrade to 1.7

* Wed Sep 02 2009 Christophe Fergeau <cfergeau@mandriva.com> 1.6.3-10mdv2010.0
+ Revision: 425499
- rebuild

* Sun Apr 19 2009 Frederik Himpe <fhimpe@mandriva.org> 1.6.3-9mdv2009.1
+ Revision: 368034
- Add patches fixing CVE-2009-0846 and CVE-2009-0847
- Replace CVE-2009-0845 patch by upstream patch also fixing CVE-2009-0844
  (via Fedora)

* Mon Mar 30 2009 Guillaume Rousse <guillomovitch@mandriva.org> 1.6.3-8mdv2009.1
+ Revision: 362598
- fix format errors

  + Oden Eriksson <oeriksson@mandriva.com>
    - P30: security fix for CVE-2009-0845
    - rediff patches

* Sat Dec 06 2008 Adam Williamson <awilliamson@mandriva.org> 1.6.3-7mdv2009.1
+ Revision: 311084
- rebuild for new tcl
- add tcl86.patch (fix build for tcl 8.6)

* Mon Jun 09 2008 Pixel <pixel@mandriva.com> 1.6.3-6mdv2009.0
+ Revision: 217188
- do not call ldconfig in %%post/%%postun, it is now handled by filetriggers

* Wed Mar 26 2008 Gustavo De Nardin <gustavodn@mandriva.com> 1.6.3-6mdv2008.1
+ Revision: 190506
- fixed alternatives manpages extension

* Tue Mar 25 2008 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-5mdv2008.1
+ Revision: 189926
- P25: security fix for CVE-2007-5901
- P26: security fix for CVE-2007-5971
- P27: security fix for CVE-2008-0062 and CVE-2008-0063
- P28: security fix for CVE-2008-0947

* Fri Feb 29 2008 Andreas Hasenack <andreas@mandriva.com> 1.6.3-4mdv2008.1
+ Revision: 176811
- removed last instance of MANDRAKESOFT name
- include apparmor profile for /usr/bin/telnet

* Mon Jan 07 2008 Andreas Hasenack <andreas@mandriva.com> 1.6.3-3mdv2008.1
+ Revision: 146343
- unrestrict the libkrb53 requires on krb5 as per pixel's email

  + Funda Wang <fwang@mandriva.org>
    - fix man page extension

* Fri Dec 21 2007 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-2mdv2008.1
+ Revision: 136088
- fix krb5-devel <-> openldap-devel cross linkage (take one)

  + Thierry Vignaud <tv@mandriva.org>
    - kill re-definition of %%buildroot on Pixel's request

* Tue Oct 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.3-1mdv2008.1
+ Revision: 101520
- updated to version 1.6.3
- removed 2007-006 security patch, already applied

* Sun Sep 30 2007 Anssi Hannula <anssi@mandriva.org> 1.6.2-7mdv2008.0
+ Revision: 94040
- add a conflict on old 32bit libkrb53 into 64bit krb5 to ensure smooth
  upgrade on biarch systems

* Wed Sep 26 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-6mdv2008.0
+ Revision: 93160
- remove historical options from krb5.conf, relying more on defaults

* Wed Sep 19 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-5mdv2008.0
+ Revision: 90816
- make library package only provide the libs themselves and not any other
  file (#32580)

* Tue Sep 18 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.6.2-4mdv2008.0
+ Revision: 89826
- rebuild

* Tue Sep 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-3mdv2008.0
+ Revision: 84549
- security patch for CVE-2007-3999 and CVE-2007-4000 (#33193)

* Thu Aug 23 2007 Thierry Vignaud <tv@mandriva.org> 1.6.2-2mdv2008.0
+ Revision: 70294
- kill file require on info-install

* Wed Jul 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-1mdv2008.0
+ Revision: 51241
- updated to 1.6.2
- dropped patches that were already applied

* Tue Jun 26 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-5mdv2008.0
+ Revision: 44629
- added security patches from advisories MITKRB5-SA-2007-004 and
  MITKRB5-SA-2007-005 (CVE-2007-2442, CVE-2007-2443 and CVE-2007-2798)
- rebuild with new serverbuild macro, enabling -fstack-protector-all

* Fri Jun 22 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-4mdv2008.0
+ Revision: 43231
- using serverbuild macro

  + Herton Ronaldo Krzesinski <herton@mandriva.com.br>
    - Added patch ftp_remove_printf_debug, to remove unneeded debug
      information of ftp client from ftp-client-krb5 package.
      Closes: #30467.

* Mon Apr 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-2mdv2008.0
+ Revision: 17357
- oops, accidentally removed a previous change by Guillaume, fixed

* Mon Apr 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-1mdv2008.0
+ Revision: 17353
- updated to version 1.6.1, dropping security patches which were already
  applied

* Sat Apr 21 2007 Andreas Hasenack <andreas@mandriva.com> 1.6-3mdv2008.0
+ Revision: 16432
- updated to version 1.6
- enabled LDAP backend
- added security patches for CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216
- fix segfault on password change
- make main initscripts cope with database in ldap
- added sample krb5.conf file for ldap usage
- setting sysconfdir in configure to avoid a lookup in /usr/etc instead of
  /etc at runtime
- major cleanup in spec file (basically, trusting upstream a bit more)
- return proper exit codes in the initscripts
- don't provide old names anymore
- disabled ftp and telnet servers (via xinetd) by default
- html doc
- rename html supplied doc
- use example.com domain and realm in the html supplied doc

* Fri Apr 20 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-7mdv2008.0
+ Revision: 16419
- use a better default realm for the acl file
- fix plugin path (#30349)
- making defaults more secure for ftp and telnetd server (vdanen)

* Thu Apr 05 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-6mdv2007.1
+ Revision: 150703
- applied security patches to fix vulnerabilities (CVE-2007-0956,
  CVE-2007-0957 and CVE-2007-1216)

* Tue Mar 13 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.5.2-5mdv2007.1
+ Revision: 142466
- make the workstation package provide kerberos-workstation virtual package

* Fri Feb 09 2007 Oden Eriksson <oeriksson@mandriva.com> 1.5.2-4mdv2007.1
+ Revision: 118433
- revert last change

* Thu Feb 08 2007 Oden Eriksson <oeriksson@mandriva.com> 1.5.2-3mdv2007.1
+ Revision: 117876
- added the /usr/include/krb5/kdb.h header, needed by php-kadm5

* Thu Jan 25 2007 mandrake <mandrake> 1.6-3mdv2007.1
+ Revision: 113280

* Thu Jan 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-1mdv2007.1
+ Revision: 107488
- updated to version 1.5.2
- removed security patches 2006-002 and 2006-003, already applied in this
  version

* Tue Jan 09 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.1-2mdv2007.1
+ Revision: 106777
- added security patches for two new vulnerabilities (2006-002 and 2006-003)

* Thu Nov 30 2006 Andreas Hasenack <andreas@mandriva.com> 1.5.1-1mdv2007.1
+ Revision: 89342
- updated to version 1.5.1
- dropped patches that were no longer being applied
- updated some patches, removed others (will keep cleaning this up)

* Mon Nov 06 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.4-1mdv2007.1
+ Revision: 77019
- updated to version 1.4.4
- removed security patch (already applied)

* Tue Oct 10 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-7mdv2007.0
+ Revision: 63201
- bumped release
- added LSB info to initscripts (#26356)
- bunzip some files

* Tue Aug 22 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-6mdv2007.0
+ Revision: 56977
- updated security patch for MIT krb5 Security Advisory 2006-001

* Thu Aug 10 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-5mdv2007.0
+ Revision: 54880
- bump release
- added patch for MITKRB5-SA-2006-001-setuid vulnerability
- import krb5-1.4.3-4mdv2007.0

* Wed Jun 07 2006 Per Øyvind Karlsen <pkarlsen@mandriva.com> 1.4.3-4mdv2007.0
- rebuild properly when pthread_mutexattr_setrobust_np() is defined but not
  declared, such as with recent glibc when _GNU_SOURCE isn't being used
  (P25 from fedora)

* Tue Mar 07 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-3mdk
- fixed kpropd initscript (Closes: #21491)

* Wed Jan 04 2006 Oden Eriksson <oeriksson@mandriva.com> 1.4.3-2mdk
- fix deps

* Mon Nov 21 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.3-1mdk
- updated to version 1.4.3
- Prereq -> Requires(foo)

* Thu Aug 18 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.2-1mdk
- updated to version 1.4.2
- removed MITKRB5-SA-2005-002 security patch, already applied
- removed MITKRB5-SA-2005-003 security patch, already applied

* Fri Aug 05 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-7mdk
- fixed init script to only call krb524 if it exists (#17213)

* Wed Jul 13 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-6mdk
- added security patches from MITKRB5-SA-2005-002 and MITKRB5-SA-2005-003
  (CAN-2005-1174, CAN-2005-1175 and CAN-2005-1689)

* Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-5mdk
- same (lfs patch) for ftp server

* Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-4mdk
- patch for LFS in the ftp client

* Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-3mdk
- using EXAMPLE.COM in default configuration file

* Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-2mdk
- conditionally build krb4 support (disabled by default)
- removed empty %%post{,un} sections
- removed %%config tag from init scripts
- fixed profile scripts permissions
- using correct ./configure option to enable dns realm lookup

* Thu Jun 09 2005 Buchan Milne <bgmilne@linux-mandrake.com> 1.4.1-1mdk
- 1.4.1
- drop p11 (conflict), p24 (upstream) and p25 (conflict,unnecessary)
- previous changes for 1.4:
  - 1.4
  - drop p2,p12 (conflict), p15 (upstream), p16 (some conflict, some upstream),
    p17 (original source gone)

* Sat May 07 2005 Oden Eriksson <oeriksson@mandriva.com> 1.3.6-7mdk
- added one gcc4 patch (debian)

* Thu Apr 07 2005 Daouda LO <daouda@mandrakesoft.com> 1.3.6-6mdk
  o Tue Mar 29 2005 Vincent Danen <vdanen@mandrakesoft.com> 1.3.4-2.2.101mdk
    - security fix for CAN-2005-0468, CAN-2005-0469

* Thu Mar 10 2005 Stefan van der Eijk <stefan@eijk.nu> 1.3.6-5mdk
- reupload

* Mon Feb 28 2005 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 1.3.6-4mdk
- multiarch
  + also preserve file names when generating headers from *.h files

* Sat Feb 12 2005 Pascal Terjan <pterjan@mandrake.org> 1.3.6-3mdk
- fix patch 13 causing segfault in ftp

* Tue Feb 01 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 1.3.6-2mdk
- fix deps and
- fix no-reload-entry in the krb5server, krb524 and kprop init scripts

* Mon Jan 10 2005 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.6-1mdk
- 1.3.6
- don't use chrpath on static libraries
- summary-ended-with-dot
- macroize

* Fri Dec 03 2004 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.5-1mdk
- 1.3.5
- add P22 from fedora
- drop P20 & P21 (merged upstream)

* Sat Oct 09 2004 Vincent Danen <vdanen@mandrakesoft.com> 1.3.4-2mdk
- include security patches (P20, P21) for CAN-2004-0642, CAN-2004-0643,
  CAN-2004-0644, CAN-2004-0772

* Sun Aug 08 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 1.3.4-1mdk
- 1.3.4
- added P19 (fedora)
- enable static devel libs
- misc spec file fixes

* Sat May 22 2004 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.3-4mdk
- fix buildrequires
- spec cosmetics

* Tue May 18 2004 Florin <florin@mandrakesoft.com> 1.3.3-3mdk
- ugly rpath fix (brr, I hate to do that :o) )
- strip _bindir binaries

* Wed May 12 2004 Florin <florin@mandrakesoft.com> 1.3.3-2mdk
- add the 5-18 patches
- fix the master-key entry in kdc.conf

* Mon May 10 2004 Florin <florin@mandrakesoft.com> 1.3.3-1mdk
- 1.3.3
- spec cleanups