commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2020-08-17 11:58:34 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.3399 (New) Package is "krb5" Mon Aug 17 11:58:34 2020 rev:149 rq:824487 version:1.18.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2020-07-21 16:42:56.444104837 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.3399/krb5-mini.changes 2020-08-17 11:58:36.178467648 +0200 @@ -1,0 +2,5 @@ +Tue Jul 7 17:38:11 UTC 2020 - Andreas Schwab + +- Don't fail if %{_lto_cflags} is empty + +--- krb5.changes: same change Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.yRFqMo/_old 2020-08-17 11:58:37.870468591 +0200 +++ /var/tmp/diff_new_pack.yRFqMo/_new 2020-08-17 11:58:37.870468591 +0200 @@ -198,8 +198,10 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/spake.so rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so +%if "%{_lto_cflags}" != "" # Don't add the lto flags to the public link flags. sed -i "s/%{_lto_cflags}//" %{buildroot}%{_bindir}/krb5-config +%endif %find_lang mit-krb5 ++ krb5.spec ++ --- /var/tmp/diff_new_pack.yRFqMo/_old 2020-08-17 11:58:37.894468605 +0200 +++ /var/tmp/diff_new_pack.yRFqMo/_new 2020-08-17 11:58:37.898468607 +0200 @@ -276,8 +276,10 @@ # manually remove test plugin since configure doesn't support disabling it at build time rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so +%if "%{_lto_cflags}" != "" # Don't add the lto flags to the public link flags. sed -i "s/%{_lto_cflags}//" %{buildroot}%{_bindir}/krb5-config +%endif %find_lang mit-krb5
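Review bot: The new guard `%if "%{_lto_cflags}" != ""` in both spec hunks (krb5-mini.spec @@ -198,8 and krb5.spec @@ -276,8) is false only when the macro is defined and empty; when it is undefined, rpm leaves `%{_lto_cflags}` unexpanded, the comparison is true, and the sed runs with that literal text as its pattern. The conditional form `%if "%{?_lto_cflags}" != ""` covers both cases. The sed also interpolates the flags into a `/`-delimited regular expression and has no `g` flag, so a flag value containing `/` or a regex metacharacter would break or mis-match the substitution, and only the first occurrence per line is removed. A different delimiter would make this sturdier, as would a comment saying that krb5-config must not hand build-only flags to consumers. The %install section continues outside both hunks.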
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2020-07-21 16:42:53 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.3592 (New) Package is "krb5" Tue Jul 21 16:42:53 2020 rev:148 rq:814662 version:1.18.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2020-06-11 14:42:34.984976844 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.3592/krb5-mini.changes 2020-07-21 16:42:56.444104837 +0200 @@ -1,0 +2,6 @@ +Fri Jun 12 08:38:23 UTC 2020 - Dominique Leuenberger + +- Do not mangle libexecdir, bindir, sbindir and datadir: there is + no reasonable justification to step out of the defaults. + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2020-06-11 14:42:35.808980018 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.3592/krb5.changes 2020-07-21 16:42:57.256101917 +0200 @@ -1,0 +2,10 @@ +Fri Jun 12 08:38:23 UTC 2020 - Dominique Leuenberger + +- Do not mangle libexecdir, bindir, sbindir and datadir: there is + no reasonable justification to step out of the defaults. + + No longer install csh/sh profiles into /etc/profiles.d: as we +not install to default paths, there is no need to further +inject paths into $PATH; also, now sbin binaries are only in +path for admin users. + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.7kbJMy/_old 2020-07-21 16:42:59.440094066 +0200 +++ /var/tmp/diff_new_pack.7kbJMy/_new 2020-07-21 16:42:59.444094052 +0200 
@@ -102,14 +102,9 @@ CFLAGS="%{optflags} -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \ CPPFLAGS="-I%{_includedir}/et " \ SS_LIB="-lss" \ ---prefix=%{_prefix}/lib/mit \ --sysconfdir=%{_sysconfdir} \ --mandir=%{_mandir} \ --infodir=%{_infodir} \ ---libexecdir=%{_prefix}/lib/mit/sbin \ ---bindir=%{_prefix}/lib/mit/bin \ ---sbindir=%{_prefix}/lib/mit/sbin \ ---datadir=%{_prefix}/lib/mit/share \ --libdir=%{_libdir} \ --includedir=%{_includedir} \ --localstatedir=%{_localstatedir}/lib/kerberos \ @@ -136,7 +131,7 @@ # Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks # of the buildconf patch already conspire to strip out /usr/ from the # list of link flags, and it helps prevent file conflicts on multilib systems. -sed -r -i -e 's|^libdir=%{_prefix}/lib(64)?$|libdir=%{_prefix}/lib|g' %{buildroot}%{_prefix}/lib/mit/bin/krb5-config +sed -r -i -e 's|^libdir=%{_prefix}/lib(64)?$|libdir=%{_prefix}/lib|g' %{buildroot}%{_bindir}/krb5-config # install autoconf macro mkdir -p %{buildroot}/%{_datadir}/aclocal @@ -145,7 +140,6 @@ # I'll probably do something about this later on mkdir -p %{buildroot}%{_sysconfdir} mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d -mkdir -p %{buildroot}%{_sysconfdir}/profile.d/ mkdir -p %{buildroot}%{_localstatedir}/log/krb5 # create plugin directories mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb @@ -153,8 +147,6 @@ mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5 mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} -install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}%{_sysconfdir}/profile.d/krb5.csh -install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}%{_sysconfdir}/profile.d/krb5.sh # Do not write directly to /var/lib/kerberos anymore as it breaks transactional # updates. Use systemd-tmpfiles to copy the files there when it doesn't exist 
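Review bot: In the configure hunk (@@ -102,14) the `--prefix`, `--bindir`, `--sbindir`, `--libexecdir` and `--datadir` overrides disappear, but the start of the configure invocation is outside the hunk, so it is not visible what now supplies the prefix; presumably a `%configure`-style macro does, and that is worth confirming. The client tools then install straight into `%{_bindir}`, and a later hunk of this section removes the kinit/klist symlinks that were annotated "because of the java ones", so same-named tools from other packages may now conflict or be shadowed depending on PATH order. A short comment above the configure call, for example `# Install into the distribution default paths; kinit/klist now live in %{_bindir}`, together with a note on how that file-name overlap is handled, would record the intent. Scripts or unit files that hard-code the old `%{_prefix}/lib/mit/bin` and `%{_prefix}/lib/mit/sbin` paths are not covered by anything visible here.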
@@ -173,7 +165,7 @@ chmod 0755 ${lib} done # and binaries too -chmod 0755 %{buildroot}%{_prefix}/lib/mit/bin/ksu +chmod 0755 %{buildroot}%{_bindir}/ksu # install systemd files mkdir -p %{buildroot}%{_unitdir} install -m 644 %{vendorFiles}/kadmind.service %{buildroot}%{_unitdir} @@ -193,16 +185,13 @@ ln -s service %{buildroot}%{_sbindir}/rckadmind ln -s service %{buildroot}%{_sbindir}/rckrb5kdc ln -s service %{buildroot}%{_sbindir}/rckpropd -# create links for kinit and klist, because of the java ones -ln -sf ../..%{_prefix}/lib/mit/bin/kinit %{buildroot}%{_bindir}/kinit -ln -sf ../..%{_prefix}/lib/mit/bin/klist %{buildroot}%{_bindir}/klist # install doc install -d -m 755 %{buildroot}/%{krb5docdir} install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README # cleanup rm -f %{buildroot}%{_mandir}/man1/tmac.doc* rm -f %{_mandir}/man1/tmac.doc* -rm -rf %{buildroot}%{_prefix}/lib/mit/share/examples +rm -rf %{buildroot}%{_datadir}/examples # manually remove otp, spake and test plugin for
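Review bot: The `chmod 0755 %{buildroot}%{_bindir}/ksu` line in hunk @@ -173,7 follows ksu to its new location, but none of the visible hunks moves the matching `%files` attribute or any `%set_permissions`/`%verify_permissions` entry for it. ksu is normally the privileged binary of this package, so its final mode should be managed explicitly rather than left to the build-root chmod. If those entries still name the old `%{_prefix}/lib/mit/bin/ksu` path (they are outside the hunk, so this is unconfirmed), the relocated binary's mode would no longer be set or verified at install time. A comment next to the chmod, such as `# final mode of ksu is set in %files / the permissions profile`, would point the next maintainer at the place that decides it.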
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2020-06-11 14:42:08 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.3606 (New) Package is "krb5" Thu Jun 11 14:42:08 2020 rev:147 rq:812027 version:1.18.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2020-05-19 14:43:17.975405699 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.3606/krb5-mini.changes 2020-06-11 14:42:34.984976844 +0200 @@ -1,0 +2,24 @@ +Fri May 29 08:38:37 UTC 2020 - Samuel Cabrero + +- Update to 1.18.2 + * Fix a SPNEGO regression where an acceptor using the default credential +would improperly filter mechanisms, causing a negotiation failure. + * Fix a bug where the KDC would fail to issue tickets if the local krbtgt +principal's first key has a single-DES enctype. + * Add stub functions to allow old versions of OpenSSL libcrypto to link +against libkrb5. + * Fix a NegoEx bug where the client name and delegated credential might +not be reported. + +--- +Thu May 28 15:21:46 UTC 2020 - Samuel Cabrero + +- Update logrotate script, call systemd to reload the services + instead of init-scripts. (boo#1169357) + +--- +Tue May 26 15:36:25 UTC 2020 - Christophe Giboudeaux + +- Don't add the lto flags to the public link options. (boo#1172038) + +--- krb5.changes: same change Old: krb5-1.18.1.tar.gz krb5-1.18.1.tar.gz.asc New: krb5-1.18.2.tar.gz krb5-1.18.2.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.aGS6fY/_old 2020-06-11 14:42:37.140985149 +0200 +++ /var/tmp/diff_new_pack.aGS6fY/_new 2020-06-11 14:42:37.140985149 +0200 @@ -24,7 +24,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5-mini -Version:1.18.1 +Version:1.18.2 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT 
@@ -209,6 +209,9 @@ rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/spake.so rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so +# Don't add the lto flags to the public link flags. +sed -i "s/%{_lto_cflags}//" %{buildroot}%{_prefix}/lib/mit/bin/krb5-config + %find_lang mit-krb5 # ++ krb5.spec ++ --- /var/tmp/diff_new_pack.aGS6fY/_old 2020-06-11 14:42:37.160985226 +0200 +++ /var/tmp/diff_new_pack.aGS6fY/_new 2020-06-11 14:42:37.164985242 +0200 @@ -21,7 +21,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5 -Version:1.18.1 +Version:1.18.2 Release:0 Summary:MIT Kerberos5 implementation License:MIT @@ -287,6 +287,9 @@ # manually remove test plugin since configure doesn't support disabling it at build time rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so +# Don't add the lto flags to the public link flags. +sed -i "s/%{_lto_cflags}//" %{buildroot}%{_prefix}/lib/mit/bin/krb5-config + %find_lang mit-krb5 %post -p /sbin/ldconfig ++ krb5-1.18.1.tar.gz -> krb5-1.18.2.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.18.1.tar.gz /work/SRC/openSUSE:Factory/.krb5.new.3606/krb5-1.18.2.tar.gz differ: char 5, line 1 ++ vendor-files.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/krb5-server.logrotate new/vendor-files/krb5-server.logrotate --- old/vendor-files/krb5-server.logrotate 2007-06-11 15:00:55.0 +0200 +++ new/vendor-files/krb5-server.logrotate 2020-05-28 17:20:49.936990316 +0200 @@ -8,7 +8,7 @@ copytruncate size=+1024k postrotate - /etc/init.d/kadmind reload +systemctl reload kadmind.service endscript } @@ -22,7 +22,7 @@ copytruncate size=+1024k postrotate - /etc/init.d/krb5kdc reload +systemctl reload krb5kdc.service endscript }
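Review bot: In both vendor-files/krb5-server.logrotate hunks the new `systemctl reload kadmind.service` and `systemctl reload krb5kdc.service` lines exit non-zero when the unit is not running or defines no reload action, and logrotate then reports the postrotate script as failed on every rotation. That affects hosts that install the server package without running a KDC; the unit files are not on this page, so whether they define a reload action is unconfirmed. Guarding the call keeps rotation quiet there, for instance `if systemctl is-active --quiet kadmind.service; then systemctl reload kadmind.service; fi`, and likewise for krb5kdc. Since both stanzas already use `copytruncate`, a one-line comment saying why a reload is still wanted after rotation would also help.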
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2020-05-19 14:43:09 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.2738 (New) Package is "krb5" Tue May 19 14:43:09 2020 rev:146 rq:805750 version:1.18.1 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2020-05-09 19:48:11.476301665 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.2738/krb5-mini.changes 2020-05-19 14:43:17.975405699 +0200 @@ -1,0 +2,18 @@ +Mon May 4 09:24:21 UTC 2020 - Samuel Cabrero + +- Upgrade to 1.18.1 + * Fix a crash when qualifying short hostnames when the system has +no primary DNS domain. + * Fix a regression when an application imports "service@" as a GSS +host-based name for its acceptor credential handle. + * Fix KDC enforcement of auth indicators when they are modified by +the KDB module. + * Fix removal of require_auth string attributes when the LDAP KDB +module is used. + * Fix a compile error when building with musl libc on Linux. + * Fix a compile error when building with gcc 4.x. + * Change the KDC constrained delegation precedence order for consistency +with Windows KDCs. +- Remove 0009-Fix-null-dereference-qualifying-short-hostnames.patch + +--- krb5.changes: same change Old: 0009-Fix-null-dereference-qualifying-short-hostnames.patch krb5-1.18.tar.gz krb5-1.18.tar.gz.asc New: krb5-1.18.1.tar.gz krb5-1.18.1.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.v7U3PK/_old 2020-05-19 14:43:21.243412682 +0200 +++ /var/tmp/diff_new_pack.v7U3PK/_new 2020-05-19 14:43:21.247412690 +0200 @@ -24,7 +24,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5-mini -Version:1.18 +Version:1.18.1 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT 
@@ -44,7 +44,6 @@ Patch6: 0006-krb5-1.12-api.patch Patch7: 0007-SELinux-integration.patch Patch8: 0008-krb5-1.9-debuginfo.patch -Patch9: 0009-Fix-null-dereference-qualifying-short-hostnames.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils ++ krb5.spec ++ --- /var/tmp/diff_new_pack.v7U3PK/_old 2020-05-19 14:43:21.271412741 +0200 +++ /var/tmp/diff_new_pack.v7U3PK/_new 2020-05-19 14:43:21.275412750 +0200 @@ -21,7 +21,7 @@ %define _fillupdir %{_localstatedir}/adm/fillup-templates %endif Name: krb5 -Version:1.18 +Version:1.18.1 Release:0 Summary:MIT Kerberos5 implementation License:MIT @@ -42,7 +42,6 @@ Patch6: 0006-krb5-1.12-api.patch Patch7: 0007-SELinux-integration.patch Patch8: 0008-krb5-1.9-debuginfo.patch -Patch9: 0009-Fix-null-dereference-qualifying-short-hostnames.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils ++ krb5-1.18.tar.gz -> krb5-1.18.1.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.18.tar.gz /work/SRC/openSUSE:Factory/.krb5.new.2738/krb5-1.18.1.tar.gz differ: char 5, line 1
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2020-05-09 19:48:07 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.2738 (New) Package is "krb5" Sat May 9 19:48:07 2020 rev:145 rq:798844 version:1.18 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2020-04-04 12:04:13.018565513 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.2738/krb5-mini.changes 2020-05-09 19:48:11.476301665 +0200 @@ -1,0 +2,7 @@ +Wed Apr 29 08:06:31 UTC 2020 - Dominique Leuenberger + +- Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d + notation: libexecdir is likely changing away from /usr/lib to + /usr/libexec. + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2020-04-04 12:04:15.210567821 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.2738/krb5.changes 2020-05-09 19:48:11.732302214 +0200 @@ -1,0 +2,7 @@ +Wed Apr 29 08:04:32 UTC 2020 - Dominique Leuenberger + +- Use %_tmpfilesdir instead of the wrong %_libexecdir/tmpfiles.d + notation: libexecdir is likely changing away from /usr/lib to + /usr/libexec. + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.aJTeCi/_old 2020-05-09 19:48:12.596304069 +0200 +++ /var/tmp/diff_new_pack.aJTeCi/_new 2020-05-09 19:48:12.600304078 +0200 @@ -159,8 +159,8 @@ # Do not write directly to /var/lib/kerberos anymore as it breaks transactional # updates. Use systemd-tmpfiles to copy the files there when it doesn't exist -install -d -m 0755 %{buildroot}%{_prefix}/lib/tmpfiles.d/ -install -m 644 %{SOURCE6} %{buildroot}%{_prefix}/lib/tmpfiles.d/krb5.conf +install -d -m 0755 %{buildroot}%{_tmpfilesdir} +install -m 644 %{SOURCE6} %{buildroot}%{_tmpfilesdir}/krb5.conf mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5kdc # Where per-user keytabs live by default. mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5/user 
@@ -301,7 +301,7 @@ %{_libdir}/libkrad.so.* %{_libdir}/krb5/plugins/kdb/* %{_libdir}/krb5/plugins/tls/* -%{_libexecdir}/tmpfiles.d/krb5.conf +%{_tmpfilesdir}/krb5.conf %dir %{_datadir}/kerberos/ %dir %{_datadir}/kerberos/krb5kdc %dir %{_datadir}/kerberos/krb5 ++ krb5.spec ++ --- /var/tmp/diff_new_pack.aJTeCi/_old 2020-05-09 19:48:12.628304138 +0200 +++ /var/tmp/diff_new_pack.aJTeCi/_new 2020-05-09 19:48:12.628304138 +0200 @@ -225,8 +225,8 @@ # Do not write directly to /var/lib/kerberos anymore as it breaks transactional # updates. Use systemd-tmpfiles to copy the files there when it doesn't exist -install -d -m 0755 %{buildroot}%{_prefix}/lib/tmpfiles.d/ -install -m 644 %{SOURCE7} %{buildroot}%{_prefix}/lib/tmpfiles.d/krb5.conf +install -d -m 0755 %{buildroot}%{_tmpfilesdir} +install -m 644 %{SOURCE7} %{buildroot}%{_tmpfilesdir}/krb5.conf mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5kdc # Where per-user keytabs live by default. mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5/user @@ -373,7 +373,7 @@ %{_unitdir}/kadmind.service %{_unitdir}/krb5kdc.service %{_unitdir}/kpropd.service -%{_libexecdir}/tmpfiles.d/krb5.conf +%{_tmpfilesdir}/krb5.conf %dir %{krb5docdir} %dir %{_prefix}/lib/mit %dir %{_prefix}/lib/mit/sbin
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2020-04-04 12:04:03 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.3248 (New) Package is "krb5" Sat Apr 4 12:04:03 2020 rev:144 rq:789700 version:1.18 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2020-02-28 15:19:02.473612162 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new.3248/krb5-mini.changes 2020-04-04 12:04:13.018565513 +0200 @@ -1,0 +2,7 @@ +Wed Mar 25 09:20:38 UTC 2020 - Samuel Cabrero + +- Fix segfault in k5_primary_domain; (bsc#1167620); +- Added patches: + * 0009-Fix-null-dereference-qualifying-short-hostnames.patch + +--- krb5.changes: same change New: 0009-Fix-null-dereference-qualifying-short-hostnames.patch Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.cTGCyz/_old 2020-04-04 12:04:18.982571793 +0200 +++ /var/tmp/diff_new_pack.cTGCyz/_new 2020-04-04 12:04:18.982571793 +0200 @@ -44,6 +44,7 @@ Patch6: 0006-krb5-1.12-api.patch Patch7: 0007-SELinux-integration.patch Patch8: 0008-krb5-1.9-debuginfo.patch +Patch9: 0009-Fix-null-dereference-qualifying-short-hostnames.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils ++ krb5.spec ++ --- /var/tmp/diff_new_pack.cTGCyz/_old 2020-04-04 12:04:19.006571818 +0200 +++ /var/tmp/diff_new_pack.cTGCyz/_new 2020-04-04 12:04:19.006571818 +0200 @@ -42,6 +42,7 @@ Patch6: 0006-krb5-1.12-api.patch Patch7: 0007-SELinux-integration.patch Patch8: 0008-krb5-1.9-debuginfo.patch +Patch9: 0009-Fix-null-dereference-qualifying-short-hostnames.patch BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils @@ -154,14 +155,7 @@ %prep %setup -q -n %{srcRoot} %setup -q -a 3 -T -D -n %{srcRoot} -%patch1 -p1 -%patch2 -p1 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -p1 -%patch7 -p1 -%patch8 -p1 +%autopatch -p1 %build # needs to be re-generated ++ 0009-Fix-null-dereference-qualifying-short-hostnames.patch ++ 
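Review bot: The krb5-mini.spec hunk (@@ -44,6) only declares `Patch9:`, whereas the krb5.spec section also switches `%prep` from the numbered `%patch1` to `%patch8` calls to `%autopatch -p1` (@@ -154,14). If krb5-mini.spec's `%prep` still applies patches by number (it is outside the hunk, so this is unconfirmed), Patch9 is declared there but never applied, and the krb5-mini build would still carry the null dereference in k5_primary_domain that the changelog entry says is fixed. Either confirm that krb5-mini.spec already uses `%autopatch -p1`, or make the same `%prep` change there.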
>From 96d0ee0760a1c7cf735d04fbddf095a4c01ef190 Mon Sep 17 00:00:00 2001 From: Greg Hudson Date: Tue, 3 Mar 2020 12:27:02 -0500 Subject: [PATCH] Fix null dereference qualifying short hostnames Fix the dnsglue.c PRIMARY_DOMAIN macro not to call strdup() with a null pointer if no DNS search path is configured. ticket: 8881 tags: pullup target_version: 1.18-next (cherry picked from commit cd82bf377e7fad2409c76bf8b241920692f34fda) --- src/lib/krb5/os/dnsglue.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/lib/krb5/os/dnsglue.c b/src/lib/krb5/os/dnsglue.c index e35ca9d76..0cd213fdd 100644 --- a/src/lib/krb5/os/dnsglue.c +++ b/src/lib/krb5/os/dnsglue.c @@ -91,7 +91,7 @@ static int initparse(struct krb5int_dns_state *); #define DECLARE_HANDLE(h) struct __res_state h #define INIT_HANDLE(h) (memset(, 0, sizeof(h)), res_ninit() == 0) #define SEARCH(h, n, c, t, a, l) res_nsearch(, n, c, t, a, l) -#define PRIMARY_DOMAIN(h) strdup(h.dnsrch[0]) +#define PRIMARY_DOMAIN(h) ((h.dnsrch[0] == NULL) ? NULL : strdup(h.dnsrch[0])) #if HAVE_RES_NDESTROY #define DESTROY_HANDLE(h) res_ndestroy() #else @@ -104,7 +104,8 @@ static int initparse(struct krb5int_dns_state *); #define DECLARE_HANDLE(h) #define INIT_HANDLE(h) (res_init() == 0) #define SEARCH(h, n, c, t, a, l) res_search(n, c, t, a, l) -#define PRIMARY_DOMAIN(h) strdup(_res.defdname) +#define PRIMARY_DOMAIN(h) \ +((_res.defdname == NULL) ? NULL : strdup(_res.defdname)) #define DESTROY_HANDLE(h) #endif -- 2.25.1
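Review bot: In the second hunk (@@ -104,7) the test `_res.defdname == NULL` has no effect on resolvers where `defdname` is a fixed-size char array inside the resolver state, as in glibc's `<resolv.h>`. An array member never compares equal to NULL, so an unset default domain yields `strdup("")` rather than NULL. If the intent is "no domain configured", `(_res.defdname[0] == '\0') ? NULL : strdup(_res.defdname)` expresses it for that layout. Separately, both `PRIMARY_DOMAIN` definitions now return NULL for two different reasons, no search domain and strdup() failure, and the caller is outside the patch, so whether it tells them apart cannot be checked here. A comment above each definition, such as `/* NULL: no domain configured, or out of memory */`, would make that contract explicit.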
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2020-02-28 15:18:59 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.26092 (New) Package is "krb5" Fri Feb 28 15:18:59 2020 rev:143 rq:779310 version:1.18 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2019-12-16 17:26:16.679962336 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new.26092/krb5-mini.changes 2020-02-28 15:19:02.473612162 +0100 
@@ -1,0 +2,69 @@ +Tue Feb 25 08:36:37 UTC 2020 - Tomáš Chvátal + +- Remove cruft to support distributions older than SLE 12 +- Use macros where applicable +- Switch to pkgconfig style dependencies + +--- +Mon Feb 17 17:26:16 UTC 2020 - Samuel Cabrero + +- Upgrade to 1.18 + Administrator experience: +* Remove support for single-DES encryption types. +* Change the replay cache format to be more efficient and robust. + Replay cache filenames using the new format end with ".rcache2" + by default. +* setuid programs will automatically ignore environment variables + that normally affect krb5 API functions, even if the caller does + not use krb5_init_secure_context(). +* Add an "enforce_ok_as_delegate" krb5.conf relation to disable + credential forwarding during GSSAPI authentication unless the KDC + sets the ok-as-delegate bit in the service ticket. +* Use the permitted_enctypes krb5.conf setting as the default value + for default_tkt_enctypes and default_tgs_enctypes. + Developer experience: +* Implement krb5_cc_remove_cred() for all credential cache types. +* Add the krb5_pac_get_client_info() API to get the client account + name from a PAC. + Protocol evolution: +* Add KDC support for S4U2Self requests where the user is identified + by X.509 certificate. (Requires support for certificate lookup from + a third-party KDB module.) +* Remove support for an old ("draft 9") variant of PKINIT. +* Add support for Microsoft NegoEx. (Requires one or more third-party + GSS modules implementing NegoEx mechanisms.) + User experience: +* Add support for "dns_canonicalize_hostname=fallback", causing + host-based principal names to be tried first without DNS + canonicalization, and again with DNS canonicalization if the + un-canonicalized server is not found. +* Expand single-component hostnames in host-based principal names + when DNS canonicalization is not used, adding the system's first DNS + search path as a suffix. 
Add a "qualify_shortname" krb5.conf relation + to override this suffix or disable expansion. +* Honor the transited-policy-checked ticket flag on application servers, + eliminating the requirement to configure capaths on servers in some + scenarios. + Code quality: +* The libkrb5 serialization code (used to export and import krb5 GSS + security contexts) has been simplified and made type-safe. +* The libkrb5 code for creating KRB-PRIV, KRB-SAFE, and KRB-CRED + messages has been revised to conform to current coding practices. +* The test suite has been modified to work with macOS System Integrity + Protection enabled. +* The test suite incorporates soft-pkcs11 so that PKINIT PKCS11 support + can always be tested. +- Updated patches: + * 0002-krb5-1.9-manpaths.patch + * 0004-krb5-1.6.3-gssapi_improve_errormessages.patch + * 0005-krb5-1.6.3-ktutil-manpage.patch + * 0006-krb5-1.12-api.patch +- Renamed patches: + * 0001-krb5-1.12-pam.patch => 0001-ksu-pam-integration.patch + * 0003-krb5-1.12-buildconf.patch => 0003-Adjust-build-configuration.patch + * 0008-krb5-1.12-selinux-label.patch => 0007-SELinux-integration.patch + * 0009-krb5-1.9-debuginfo.patch => 0008-krb5-1.9-debuginfo.patch +- Deleted patches: + * 0007-krb5-1.12-ksu-path.patch + +--- krb5.changes: same change Old: 0001-krb5-1.12-pam.patch 0003-krb5-1.12-buildconf.patch 0007-krb5-1.12-ksu-path.patch 0008-krb5-1.12-selinux-label.patch 0009-krb5-1.9-debuginfo.patch krb5-1.17.1.tar.gz krb5-1.17.1.tar.gz.asc New: 0001-ksu-pam-integration.patch 0003-Adjust-build-configuration.patch 0007-SELinux-integration.patch 0008-krb5-1.9-debuginfo.patch krb5-1.18.tar.gz krb5-1.18.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.mUCqXL/_old 2020-02-28 15:19:04.101615476 +0100 +++ /var/tmp/diff_new_pack.mUCqXL/_new 2020-02-28 15:19:04.105615484 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c)
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2019-12-16 17:26:13 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.4691 (New) Package is "krb5" Mon Dec 16 17:26:13 2019 rev:142 rq:756043 version:1.17.1 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2019-08-15 12:25:52.454599098 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.4691/krb5-mini.changes 2019-12-16 17:26:16.679962336 +0100 @@ -1,0 +2,8 @@ +Thu Dec 12 08:56:09 UTC 2019 - Samuel Cabrero + +- Upgrade to 1.17.1 + * Fix a bug preventing "addprinc -randkey -kvno" from working in kadmin. + * Fix a bug preventing time skew correction from working when a KCM +credential cache is used. + +--- krb5.changes: same change Old: krb5-1.17.tar.gz krb5-1.17.tar.gz.asc New: krb5-1.17.1.tar.gz krb5-1.17.1.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.fP9xno/_old 2019-12-16 17:26:17.635961954 +0100 +++ /var/tmp/diff_new_pack.fP9xno/_new 2019-12-16 17:26:17.635961954 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -26,7 +26,7 @@ %define krb5docdir %{_defaultdocdir}/krb5 Name: krb5-mini -Version:1.17 +Version:1.17.1 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT ++ krb5.spec ++ --- /var/tmp/diff_new_pack.fP9xno/_old 2019-12-16 17:26:17.663961942 +0100 +++ /var/tmp/diff_new_pack.fP9xno/_new 2019-12-16 17:26:17.663961942 +0100 
@@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2019 SUSE LLC # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -22,7 +22,7 @@ %endif Name: krb5 -Version:1.17 +Version:1.17.1 Release:0 Summary:MIT Kerberos5 implementation License:MIT ++ krb5-1.17.tar.gz -> krb5-1.17.1.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.17.tar.gz /work/SRC/openSUSE:Factory/.krb5.new.4691/krb5-1.17.1.tar.gz differ: char 5, line 1
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2019-08-15 12:25:50 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.9556 (New) Package is "krb5" Thu Aug 15 12:25:50 2019 rev:141 rq:721101 version:1.17 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2019-08-05 10:28:49.483456042 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.9556/krb5-mini.changes 2019-08-15 12:25:52.454599098 +0200 @@ -1,0 +2,6 @@ +Mon Aug 5 15:26:39 UTC 2019 - Samuel Cabrero + +- Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947); + (bsc#1144047); + +--- krb5.changes: same change Other differences: -- krb5.spec: same change ++ ksu-pam.d ++ --- /var/tmp/diff_new_pack.tV1qtn/_old 2019-08-15 12:25:53.550598825 +0200 +++ /var/tmp/diff_new_pack.tV1qtn/_new 2019-08-15 12:25:53.550598825 +0200 @@ -4,5 +4,6 @@ account sufficient pam_rootok.so account includecommon-account password includecommon-password +session optional pam_keyinit.so force revoke session includecommon-session session optional pam_xauth.so
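Review bot: The added `session optional pam_keyinit.so force revoke` line in ksu-pam.d has no comment explaining why ksu replaces the session keyring unconditionally. pam_keyinit's own documentation advises against invoking it from su-like programs, because keys are normally meant to follow the user into the new context. With `force`, anything held in the caller's session keyring, which may include a keyring-based credential cache, is not reachable inside the ksu session, so this looks like deliberate isolation and should be stated. A comment above the line, such as `# Give the target user a fresh session keyring, revoked on exit (bsc#1081947, bsc#1144047)`, would record that. It could also note that the line has to stay ahead of the common-session include so that later session modules see the new keyring.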
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2019-08-05 10:28:48 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.4126 (New) Package is "krb5" Mon Aug 5 10:28:48 2019 rev:140 rq:718535 version:1.17 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2019-02-19 13:54:59.724720977 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new.4126/krb5-mini.changes 2019-08-05 10:28:49.483456042 +0200 @@ -1,0 +2,8 @@ +Wed Jul 24 09:57:59 UTC 2019 - matthias.gerst...@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2019-05-16 21:55:27.094903926 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new.4126/krb5.changes 2019-08-05 10:28:49.563456033 +0200 @@ -1,0 +2,8 @@ +Wed Jul 24 09:57:44 UTC 2019 - matthias.gerst...@suse.com + +- removal of SuSEfirewall2 service, since SuSEfirewall2 has been replaced by + firewalld, see [1]. + + [1]: https://lists.opensuse.org/opensuse-factory/2019-01/msg00490.html + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.57G1z2/_old 2019-08-05 10:28:50.603455916 +0200 +++ /var/tmp/diff_new_pack.57G1z2/_new 2019-08-05 10:28:50.607455916 +0200 @@ -164,7 +164,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d mkdir -p %{buildroot}/etc/profile.d/ mkdir -p %{buildroot}/var/log/krb5 -mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/ # create plugin directories mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth 
@@ -173,8 +172,6 @@ install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh -install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc -install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind # Do not write directly to /var/lib/kerberos anymore as it breaks transactional # updates. Use systemd-tmpfiles to copy the files there when it doesn't exist @@ -327,7 +324,6 @@ %dir %{_sysconfdir}/krb5.conf.d %attr(0644,root,root) %config /etc/profile.d/krb5* %config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server -%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* %{_fillupdir}/sysconfig.* %{_unitdir}/kadmind.service %{_unitdir}/krb5kdc.service ++ krb5.spec ++ --- /var/tmp/diff_new_pack.57G1z2/_old 2019-08-05 10:28:50.651455911 +0200 +++ /var/tmp/diff_new_pack.57G1z2/_new 2019-08-05 10:28:50.659455910 +0200 @@ -240,7 +240,6 @@ mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d mkdir -p %{buildroot}/etc/profile.d/ mkdir -p %{buildroot}/var/log/krb5 -mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/ # create plugin directories mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth 
@@ -249,8 +248,6 @@ install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir} install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh -install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc -install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind # Do not write directly to /var/lib/kerberos anymore as it breaks transactional # updates. Use systemd-tmpfiles to copy the files there when it doesn't exist @@ -448,7 +445,6 @@ %ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kdc.conf %ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.acl %ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.dict -%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* %{_fillupdir}/sysconfig.* /usr/sbin/rc* /usr/lib/mit/sbin/kadmin.local ++ vendor-files.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/SuSEFirewall.kadmind new/vendor-files/SuSEFirewall.kadmind --- old/vendor-files/SuSEFirewall.kadmind 2007-02-22 11:09:33.0 +0100 +++
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2019-05-16 21:55:25 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.5148 (New) Package is "krb5" Thu May 16 21:55:25 2019 rev:139 rq:701544 version:1.17 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2019-02-19 13:54:59.764720948 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new.5148/krb5.changes 2019-05-16 21:55:27.094903926 +0200 @@ -1,0 +2,6 @@ +Tue May 7 10:08:00 UTC 2019 - Samuel Cabrero + +- Move LDAP schema files from /usr/share/doc/packages/krb5 to + /usr/share/kerberos/ldap; (bsc#1134217); + +--- Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.3IIwgm/_old 2019-05-16 21:55:30.266902567 +0200 +++ /var/tmp/diff_new_pack.3IIwgm/_new 2019-05-16 21:55:30.318902545 +0200 @@ -315,8 +315,9 @@ # install doc install -d -m 755 %{buildroot}/%{krb5docdir} install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README -install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema -install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif +install -d -m 755 %{buildroot}/%{_datadir}/kerberos/ldap +install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{_datadir}/kerberos/ldap/kerberos.schema +install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{_datadir}/kerberos/ldap/kerberos.ldif # link pam-config for su to ksu mkdir -p %{buildroot}/etc/pam.d/ install -m 644 %{S:6} %{buildroot}/etc/pam.d/ksu 
@@ -519,9 +520,10 @@ %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %dir /usr/lib/mit/sbin/ -%dir %{krb5docdir} -%doc %{krb5docdir}/kerberos.schema -%doc %{krb5docdir}/kerberos.ldif +%dir %{_datadir}/kerberos +%dir %{_datadir}/kerberos/ldap +%config %{_datadir}/kerberos/ldap/kerberos.schema +%config %{_datadir}/kerberos/ldap/kerberos.ldif %{_libdir}/krb5/plugins/kdb/kldap.so /usr/lib/mit/sbin/kdb5_ldap_util %{_libdir}/libkdb_ldap*
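Review bot: The two new `%config` tags in the `@@ -519,9 +520,10 @@` hunk mark `kerberos.schema` and `kerberos.ldif` under `%{_datadir}/kerberos/ldap` as configuration, although they are static schema definitions shipped by the package under /usr/share. With `%config`, rpm applies its config-file handling to them on upgrade and lists them as config in verification output, so a local edit to a schema file looks like an ordinary configuration change rather than a modified package file. I would list them as plain files, `%{_datadir}/kerberos/ldap/kerberos.schema` and `%{_datadir}/kerberos/ldap/kerberos.ldif`, and expect administrators to copy them before adapting them. The `%files` section this hunk belongs to starts outside the hunk, so the subpackage is assumed to be the LDAP plugin one from the `kldap.so` context line.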
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2019-02-19 13:54:57 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new.28833 (New) Package is "krb5" Tue Feb 19 13:54:57 2019 rev:138 rq:674895 version:1.17 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2018-10-29 14:56:48.197705382 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new.28833/krb5-mini.changes 2019-02-19 13:54:59.724720977 +0100 
@@ -1,0 +2,71 @@ +Wed Feb 13 17:45:34 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars + +--- +Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero + +- Upgrade to 1.17. Major changes: + Administrator experience: + * A new Kerberos database module using the Lightning Memory-Mapped +Database library (LMDB) has been added. The LMDB KDB module should +be more performant and more robust than the DB2 module, and may +become the default module for new databases in a future release. + * "kdb5_util dump" will no longer dump policy entries when specific +principal names are requested. + Developer experience: + * The new krb5_get_etype_info() API can be used to retrieve enctype, +salt, and string-to-key parameters from the KDC for a client +principal. + * The new GSS_KRB5_NT_ENTERPRISE_NAME name type allows enterprise +principal names to be used with GSS-API functions. + * KDC and kadmind modules which call com_err() will now write to the +log file in a format more consistent with other log messages. + * Programs which use large numbers of memory credential caches should +perform better. + Protocol evolution: + * The SPAKE pre-authentication mechanism is now supported. This +mechanism protects against password dictionary attacks without +requiring any additional infrastructure such as certificates. SPAKE +is enabled by default on clients, but must be manually enabled on +the KDC for this release. + * PKINIT freshness tokens are now supported. Freshness tokens can +protect against scenarios where an attacker uses temporary access to +a smart card to generate authentication requests for the future. + * Password change operations now prefer TCP over UDP, to avoid +spurious error messages about replays when a response packet is +dropped. + * The KDC now supports cross-realm S4U2Self requests when used with a +third-party KDB module such as Samba's. The client code for +cross-realm S4U2Self requests is also now more robust. 
+ User experience: + * The new ktutil addent -f flag can be used to fetch salt information +from the KDC for password-based keys. + * The new kdestroy -p option can be used to destroy a credential cache +within a collection by client principal name. + * The Kerberos man page has been restored, and documents the +environment variables that affect programs using the Kerberos +library. + Code quality: + * Python test scripts now use Python 3. + * Python test scripts now display markers in verbose output, making it +easier to find where a failure occurred within the scripts. + * The Windows build system has been simplified and updated to work +with more recent versions of Visual Studio. A large volume of +unused Windows-specific code has been removed. Visual Studio 2013 +or later is now required. +- Use systemd-tmpfiles to create files under /var/lib/kerberos, required + by transactional updates; (bsc#1100126); +- Rename patches: + * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch + * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch + * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch + * krb5-1.6.3-gssapi_improve_errormessages.dif to +0004-krb5-1.6.3-gssapi_improve_errormessages.patch + * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch + * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch + * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch + * krb5-1.12-selinux-label.patch => 0008-krb5-1.12-selinux-label.patch + * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch + +--- @@ -1800 +1870,0 @@ - --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2018-10-29 14:56:48.217705458 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new.28833/krb5.changes 2019-02-19 13:54:59.764720948 +0100 
@@ -1,0 +2,71 @@ +Wed Feb 13 17:45:34 UTC 2019 - Jan Engelhardt + +- Replace old $RPM_* shell vars + +--- +Mon Jan 14 16:10:06 UTC 2019 - Samuel Cabrero + +- Upgrade to 1.17. Major changes: + Administrator experience: + * A new Kerberos database module using the
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2018-10-29 14:13:32 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Mon Oct 29 14:13:32 2018 rev:137 rq:642079 version:1.16.1 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2018-05-10 15:44:07.592860018 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2018-10-29 14:56:48.197705382 +0100 @@ -1,0 +2,15 @@ +Tue Oct 9 20:13:24 UTC 2018 - James McDonough + +- Upgrade to 1.16.1 + * kdc client cert matching on client principal entry + * Allow ktutil addent command to ignore key version and use +non-default salt string. + * add kpropd pidfile support + * enable "encrypted_challenge_indicator" realm option on tickets +obtained using FAST encrypted challenge pre-authentication. + * dates through 2106 accepted + * KDC support for trivially renewable tickets + * stop caching referral and alternate cross-realm TGTs to prevent +duplicate credential cache entries + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2018-06-27 10:15:47.472327307 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2018-10-29 14:56:48.217705458 +0100 
@@ -1,0 +2,15 @@ +Tue Oct 9 20:00:21 UTC 2018 - James McDonough + +- Upgrade to 1.16.1 + * kdc client cert matching on client principal entry + * Allow ktutil addent command to ignore key version and use +non-default salt string. + * add kpropd pidfile support + * enable "encrypted_challenge_indicator" realm option on tickets +obtained using FAST encrypted challenge pre-authentication. + * dates through 2106 accepted + * KDC support for trivially renewable tickets + * stop caching referral and alternate cross-realm TGTs to prevent +duplicate credential cache entries + +--- Old: krb5-1.15.3.tar.gz krb5-1.15.3.tar.gz.asc New: krb5-1.16.1.tar.gz krb5-1.16.1.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.5vcaIG/_old 2018-10-29 14:56:48.729707399 +0100 +++ /var/tmp/diff_new_pack.5vcaIG/_new 2018-10-29 14:56:48.729707399 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -21,7 +21,7 @@ %define _fillupdir /var/adm/fillup-templates %endif -%define srcRoot krb5-1.15.3 +%define srcRoot krb5-1.16.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -34,7 +34,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15.3 +Version:1.16.1 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT 
@@ -52,8 +52,8 @@ Conflicts: krb5-plugin-kdb-ldap Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp -Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz -Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc +Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz +Source1: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz.asc Source2:krb5.keyring Source3:vendor-files.tar.bz2 Source4:baselibs.conf ++ krb5.spec ++ --- /var/tmp/diff_new_pack.5vcaIG/_old 2018-10-29 14:56:48.741707444 +0100 +++ /var/tmp/diff_new_pack.5vcaIG/_new 2018-10-29 14:56:48.745707459 +0100 @@ -12,7 +12,7 @@ # license that conforms to the Open Source Definition (Version 1.9) # published by the Open Source Initiative. -# Please submit bugfixes or comments via http://bugs.opensuse.org/ +# Please submit bugfixes or comments via https://bugs.opensuse.org/ # @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15.3 +Version:1.16.1 Release:0 Summary:MIT Kerberos5 implementation License:MIT @@ -46,8 +46,8 @@ Obsoletes: krb5-64bit %endif Conflicts: krb5-mini -Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz -Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc +Source0:
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2018-06-27 10:15:42 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Wed Jun 27 10:15:42 2018 rev:136 rq:617494 version:1.15.3 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2018-05-10 15:44:08.932810911 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2018-06-27 10:15:47.472327307 +0200 @@ -1,0 +2,6 @@ +Mon Jun 18 11:02:57 UTC 2018 - mc...@suse.com + +- BSC#1021402 move %{_libdir}/krb5/plugins/tls/k5tls.so to krb5 package + so it is avaiable for krb5-client as well. + +--- Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.Mpk3WQ/_old 2018-06-27 10:15:48.716282055 +0200 +++ /var/tmp/diff_new_pack.Mpk3WQ/_new 2018-06-27 10:15:48.720281909 +0200 @@ -396,6 +396,7 @@ %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libkrad.so.* +%{_libdir}/krb5/plugins/tls/*.so %files server %defattr(-,root,root) @@ -439,7 +440,6 @@ /usr/lib/mit/sbin/sserver /usr/lib/mit/sbin/uuserver %{_libdir}/krb5/plugins/kdb/db2.so -%{_libdir}/krb5/plugins/tls/*.so %{_mandir}/man5/kdc.conf.5* %{_mandir}/man5/kadm5.acl.5* %{_mandir}/man8/kadmind.8*
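Review bot: The added `%{_libdir}/krb5/plugins/tls/*.so` line in the `@@ -396,6 +396,7 @@` hunk sits among the shared libraries of the main package with no comment saying why a plugin belongs there, which makes it easy to move back to `-server` later. I would put a comment above it such as `# TLS plugin is needed on clients too, not only on the KDC (bsc#1021402)`. Neither hunk shows which subpackage owns the directory itself, so it is worth confirming that `%dir %{_libdir}/krb5/plugins/tls` is listed in the same package as the plugin; otherwise a client-only install would leave the directory unowned. Both `%files` sections start and end outside the hunks.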
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2018-05-10 15:43:54 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Thu May 10 15:43:54 2018 rev:135 rq:604020 version:1.15.3 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2018-05-02 12:16:48.887699478 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2018-05-10 15:44:07.592860018 +0200 @@ -1,0 +2,17 @@ +Fri May 4 09:48:36 UTC 2018 - mich...@stroeder.com + +- Upgrade to 1.15.3 + * Fix flaws in LDAP DN checking, including a null dereference KDC +crash which could be triggered by kadmin clients with administrative +privileges [CVE-2018-5729, CVE-2018-5730]. + * Fix a KDC PKINIT memory leak. + * Fix a small KDC memory leak on transited or authdata errors when +processing TGS requests. + * Fix a null dereference when the KDC sends a large TGS reply. + * Fix "kdestroy -A" with the KCM credential cache type. + * Fix the handling of capaths "." values. + * Fix handling of repeated subsection specifications in profile files +(such as when multiple included files specify relations in the same +subsection). + +--- krb5.changes: same change Old: krb5-1.15.2.tar.gz krb5-1.15.2.tar.gz.asc New: krb5-1.15.3.tar.gz krb5-1.15.3.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.SnRY0S/_old 2018-05-10 15:44:10.052769865 +0200 +++ /var/tmp/diff_new_pack.SnRY0S/_new 2018-05-10 15:44:10.052769865 +0200 @@ -21,7 +21,7 @@ %define _fillupdir /var/adm/fillup-templates %endif -%define srcRoot krb5-1.15.2 +%define srcRoot krb5-1.15.3 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -34,7 +34,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15.2 +Version:1.15.3 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT ++ krb5.spec ++ --- /var/tmp/diff_new_pack.SnRY0S/_old 2018-05-10 15:44:10.080768839 +0200 +++ /var/tmp/diff_new_pack.SnRY0S/_new 2018-05-10 15:44:10.084768692 +0200 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15.2 +Version:1.15.3 Release:0 Summary:MIT Kerberos5 implementation License:MIT ++ krb5-1.15.2.tar.gz -> krb5-1.15.3.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.15.2.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.15.3.tar.gz differ: char 5, line 1
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2018-05-02 12:16:43 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Wed May 2 12:16:43 2018 rev:134 rq:602715 version:1.15.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-11-30 12:31:34.216071356 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2018-05-02 12:16:48.887699478 +0200 @@ -1,0 +2,5 @@ +Wed Apr 25 21:56:35 UTC 2018 - luizl...@gmail.com + +- Added support for /etc/krb5.conf.d/ for configuration snippets + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2017-11-30 12:31:34.752051864 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2018-05-02 12:16:49.815665620 +0200 @@ -1,0 +2,5 @@ +Wed Apr 25 21:54:39 UTC 2018 - luizl...@gmail.com + +- Added support for /etc/krb5.conf.d/ for configuration snippets + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.R7uSyY/_old 2018-05-02 12:16:50.747631617 +0200 +++ /var/tmp/diff_new_pack.R7uSyY/_new 2018-05-02 12:16:50.751631471 +0200 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -166,7 +166,7 @@ # install sample config files # I'll probably do something about this later on mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc -mkdir -p %{buildroot}%{_sysconfdir} +mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d mkdir -p %{buildroot}/etc/profile.d/ mkdir -p %{buildroot}/var/log/krb5 mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/ 
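Review bot: The new snippet directory is created with `mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d` and later packaged as a bare `%dir %{_sysconfdir}/krb5.conf.d`, so its mode comes from the build umask, while the neighbouring `krb5.conf` entry pins `%attr(0644,root,root)`. Files dropped into this directory are presumably merged into every client's Kerberos configuration (the `krb5.conf` change is inside the skipped vendor-files diff, so this is inferred), which makes root-only write access worth stating explicitly. I would use `install -d -m 755 %{buildroot}%{_sysconfdir}/krb5.conf.d` here and `%dir %attr(0755,root,root) %{_sysconfdir}/krb5.conf.d` in the `%files` hunks. The same applies to the `@@ -323,6 +323,7 @@` hunk of krb5-mini.spec and to the `@@ -233,7 +233,7 @@` and `@@ -385,6 +385,7 @@` hunks of krb5.spec.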
@@ -323,6 +323,7 @@ %dir /usr/lib/mit/bin %doc %{krb5docdir}/README %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf +%dir %{_sysconfdir}/krb5.conf.d %attr(0644,root,root) %config /etc/profile.d/krb5* %config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf ++ krb5.spec ++ --- /var/tmp/diff_new_pack.R7uSyY/_old 2018-05-02 12:16:50.779630450 +0200 +++ /var/tmp/diff_new_pack.R7uSyY/_new 2018-05-02 12:16:50.783630304 +0200 @@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2018 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -233,7 +233,7 @@ # install sample config files # I'll probably do something about this later on mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc -mkdir -p %{buildroot}%{_sysconfdir} +mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d mkdir -p %{buildroot}/etc/profile.d/ mkdir -p %{buildroot}/var/log/krb5 mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/ @@ -385,6 +385,7 @@ %attr(0700,root,root) %dir /var/log/krb5 %doc %{krb5docdir}/README %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf +%dir %{_sysconfdir}/krb5.conf.d %attr(0644,root,root) %config /etc/profile.d/krb5* %{_libdir}/libgssapi_krb5.* %{_libdir}/libgssrpc.so.* ++ vendor-files.tar.bz2 ++ 53486 lines of diff (skipped)
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-11-30 12:31:32 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Thu Nov 30 12:31:32 2017 rev:133 rq:544747 version:1.15.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-10-05 11:48:08.170502633 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-11-30 12:31:34.216071356 +0100 @@ -1,0 +2,6 @@ +Thu Nov 23 13:38:33 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2017-11-11 14:14:29.522446343 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2017-11-30 12:31:34.752051864 +0100 @@ -1,0 +2,6 @@ +Thu Nov 23 13:38:38 UTC 2017 - rbr...@suse.com + +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.xkJVP0/_old 2017-11-30 12:31:36.747979280 +0100 +++ /var/tmp/diff_new_pack.xkJVP0/_new 2017-11-30 12:31:36.751979135 +0100 @@ -16,6 +16,11 @@ # +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + %define srcRoot krb5-1.15.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -199,9 +204,9 @@ install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd %endif # install sysconfig templates -mkdir -p $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates -install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/ -install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/ +mkdir -p $RPM_BUILD_ROOT/%{_fillupdir} +install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/ +install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/ # install logrotate files mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server @@ -324,7 +329,7 @@ %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* -%{_var}/adm/fillup-templates/sysconfig.* +%{_fillupdir}/sysconfig.* %{_unitdir}/kadmind.service %{_unitdir}/krb5kdc.service %{_unitdir}/kpropd.service ++ krb5.spec ++ --- /var/tmp/diff_new_pack.xkJVP0/_old 2017-11-30 12:31:36.783977971 +0100 +++ /var/tmp/diff_new_pack.xkJVP0/_new 2017-11-30 12:31:36.783977971 +0100 @@ -16,6 +16,11 @@ # +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + Name: krb5 Url:https://web.mit.edu/kerberos/www/ BuildRequires: autoconf 
@@ -266,9 +271,9 @@ install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd %endif # install sysconfig templates -mkdir -p $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates -install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/ -install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/ +mkdir -p $RPM_BUILD_ROOT/%{_fillupdir} +install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/ +install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/ # install logrotate files mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server @@ -419,7 +424,7 @@ %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* -%{_var}/adm/fillup-templates/sysconfig.* +%{_fillupdir}/sysconfig.* /usr/sbin/rc* /usr/lib/mit/sbin/kadmin.local /usr/lib/mit/sbin/kadmind
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-11-11 14:14:21 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Sat Nov 11 14:14:21 2017 rev:132 rq:539257 version:1.15.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2017-10-05 11:48:09.442323666 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2017-11-11 14:14:29.522446343 +0100 @@ -1,0 +2,8 @@ +Mon Nov 6 10:23:00 UTC 2017 - h...@suse.com + +- Remove build dependency doxygen, python-Cheetah, python-Sphinx, + python-libxml2, python-lxml, most of which are python 2 programs. + Consequently remove -doc subpackage. Users are encouraged to use + online documentation. (bsc#1066461) + +--- Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.qWwp2x/_old 2017-11-11 14:14:31.678367320 +0100 +++ /var/tmp/diff_new_pack.qWwp2x/_new 2017-11-11 14:14:31.682367173 +0100 @@ -31,15 +31,10 @@ License:MIT Group: Productivity/Networking/Security Obsoletes: krb5-plugin-preauth-pkinit-nss -BuildRequires: doxygen BuildRequires: libopenssl-devel BuildRequires: libverto-devel BuildRequires: openldap2-devel BuildRequires: pam-devel -BuildRequires: python-Cheetah -BuildRequires: python-Sphinx -BuildRequires: python-libxml2 -BuildRequires: python-lxml BuildRequires: pkgconfig(systemd) # bug437293 %ifarch ppc64 @@ -210,11 +205,6 @@ make %{?_smp_mflags} -cd doc -make %{?_smp_mflags} substhtml -cp -a html_subst ../../html -cd .. - # Copy kadmin manual page into kadmin.local's due to the split between client and server package cp man/kadmin.man man/kadmin.local.8 @@ -522,8 +512,4 @@ %dir %{_libdir}/krb5/plugins/preauth %{_libdir}/krb5/plugins/preauth/otp.so -%files doc -%defattr(-,root,root) -%doc html doc/README - %changelog
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-10-05 11:48:05 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Thu Oct 5 11:48:05 2017 rev:131 rq:530615 version:1.15.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-10-01 16:58:39.393365341 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-10-05 11:48:08.170502633 +0200 @@ -1,0 +2,5 @@ +Mon Oct 2 22:53:28 UTC 2017 - jeng...@inai.de + +- Update package descriptions. + +--- krb5.changes: same change Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.Lb5r8X/_old 2017-10-05 11:48:10.298203228 +0200 +++ /var/tmp/diff_new_pack.Lb5r8X/_new 2017-10-05 11:48:10.302202666 +0200 @@ -67,13 +67,13 @@ %description Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure +which can improve network security by eliminating the insecure practice of clear text passwords. The package delivers MIT Kerberos with reduced features and minimal dependencies %package devel -Summary:MIT Kerberos5 - Include Files and Libraries +Summary:Development files for MIT Kerberos5 (openSUSE mini variant) Group: Development/Libraries/C and C++ PreReq: %{name} = %{version} Requires: keyutils-devel @@ -88,7 +88,7 @@ %description devel Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure +which can improve network security by eliminating the insecure practice of cleartext passwords. This package includes Libraries and Include Files for Development ++ krb5.spec ++ --- /var/tmp/diff_new_pack.Lb5r8X/_old 2017-10-05 11:48:10.334198164 +0200 +++ /var/tmp/diff_new_pack.Lb5r8X/_new 2017-10-05 11:48:10.334198164 +0200 
@@ -27,7 +27,7 @@ BuildRequires: ncurses-devel Version:1.15.2 Release:0 -Summary:MIT Kerberos5 Implementation--Libraries +Summary:MIT Kerberos5 implementation License:MIT Group: Productivity/Networking/Security Obsoletes: krb5-plugin-preauth-pkinit-nss @@ -66,22 +66,22 @@ %description Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure +which can improve network security by eliminating the insecure practice of clear text passwords. %package client Conflicts: krb5-mini -Summary:MIT Kerberos5 implementation - client programs +Summary:Client programs of the MIT Kerberos5 implementation Group: Productivity/Networking/Security %description client Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure +which can improve network security by eliminating the insecure practice of cleartext passwords. This package includes some required client programs, like kinit, kadmin, ... %package server -Summary:MIT Kerberos5 implementation - server +Summary:Server program of the MIT Kerberos5 implementation Group: Productivity/Networking/Security Requires: cron Requires: libverto-libev1 
@@ -96,51 +96,51 @@ %description server Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure +which can improve network security by eliminating the insecure practice of cleartext passwords. This package includes the kdc, kadmind and more. %package plugin-kdb-ldap -Summary:MIT Kerberos5 Implementation--LDAP Database Plugin +Summary:LDAP database plugin for MIT Kerberos5 Group: Productivity/Networking/Security Requires: krb5-server = %{version} %description plugin-kdb-ldap Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure +which can improve network security by eliminating the insecure practice of clear text passwords. This package contains the LDAP database plugin. %package plugin-preauth-pkinit -Summary:MIT Kerberos5 Implementation--PKINIT preauth Plugin +Summary:PKINIT preauthentication plugin for MIT Kerberos5 Group: Productivity/Networking/Security %description plugin-preauth-pkinit Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-10-01 16:58:35 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Sun Oct 1 16:58:35 2017 rev:130 rq:528906 version:1.15.2 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-08-21 11:32:26.856948324 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-10-01 16:58:39.393365341 +0200 @@ -1,0 +2,15 @@ +Mon Sep 25 19:45:05 UTC 2017 - mich...@stroeder.com + +- Upgrade to 1.15.2 + * Fix a KDC denial of service vulnerability caused by unset status +strings [CVE-2017-11368] + * Preserve GSS contexts on init/accept failure [CVE-2017-11462] + * Fix kadm5 setkey operation with LDAP KDB module + * Use a ten-second timeout after successful connection for HTTPS KDC +requests, as we do for TCP requests + * Fix client null dereference when KDC offers encrypted challenge +without FAST + * Ignore dotfiles when processing profile includedir directive + * Improve documentation + +--- krb5.changes: same change Old: krb5-1.15.1.tar.gz krb5-1.15.1.tar.gz.asc New: krb5-1.15.2.tar.gz krb5-1.15.2.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.gIAzp8/_old 2017-10-01 16:58:40.545203301 +0200 +++ /var/tmp/diff_new_pack.gIAzp8/_new 2017-10-01 16:58:40.549202738 +0200 @@ -16,7 +16,7 @@ # -%define srcRoot krb5-1.15.1 +%define srcRoot krb5-1.15.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -29,7 +29,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15.1 +Version:1.15.2 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT ++ krb5.spec ++ --- /var/tmp/diff_new_pack.gIAzp8/_old 2017-10-01 16:58:40.573199362 +0200 +++ /var/tmp/diff_new_pack.gIAzp8/_new 2017-10-01 16:58:40.573199362 +0200 
@@ -25,7 +25,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15.1 +Version:1.15.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT ++ krb5-1.15.1.tar.gz -> krb5-1.15.2.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.15.1.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.15.2.tar.gz differ: char 5, line 1
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-08-21 11:32:24 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Mon Aug 21 11:32:24 2017 rev:129 rq:517510 version:1.15.1 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-06-15 11:19:29.476465290 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-08-21 11:32:26.856948324 +0200 @@ -1,0 +2,7 @@ +Fri Aug 18 08:27:26 UTC 2017 - h...@suse.com + +- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf + in order to improve client security in handling service principle + names. (bsc#1054028) + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2017-06-15 11:19:29.512460205 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2017-08-21 11:32:27.192901077 +0200 @@ -1,0 +2,13 @@ +Fri Aug 18 08:27:26 UTC 2017 - h...@suse.com + +- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf + in order to improve client security in handling service principle + names. (bsc#1054028) + +--- +Fri Aug 11 09:08:58 UTC 2017 - h...@suse.com + +- Prevent kadmind.service startup failure caused by absence of + LDAP service. (bsc#903543) + +--- Other differences: -- krb5.spec: same change ++ vendor-files.tar.bz2 ++ 53477 lines of diff (skipped)
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-06-15 11:19:29 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Thu Jun 15 11:19:29 2017 rev:128 rq:501409 version:1.15.1 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-04-29 10:47:07.898414023 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-06-15 11:19:29.476465290 +0200 @@ -1,0 +2,25 @@ +Tue Jun 6 13:36:34 UTC 2017 - h...@suse.com + +- There is no change made about the package itself, this is only + copying over some changelog texts from SLE package: +- bug#918595 owned by vark...@suse.com: VUL-0: CVE-2014-5355 + krb5: denial of service in krb5_read_message +- bug#912002 owned by vark...@suse.com: VUL-0 + CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423: + krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token +- bug#910458 owned by vark...@suse.com: VUL-1 + CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries +- bug#928978 owned by vark...@suse.com: VUL-0 + CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading + to requires_preauth bypass +- bug#910457 owned by vark...@suse.com: VUL-1 + CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy + name as a password policy name +- bug#991088 owned by h...@suse.com: VUL-1 + CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted +- bug#992853 owned by h...@suse.com: krb5: bogus prerequires +- [fate#320326](https://fate.suse.com/320326) +- bug#982313 owned by pgaj...@suse.com: Doxygen unable to resolve reference + from \cite + +--- krb5.changes: same change Other differences: -- krb5.spec: same change
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-04-29 10:47:05 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Sat Apr 29 10:47:05 2017 rev:127 rq:486278 version:1.15.1 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-03-29 13:20:34.930303215 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-04-29 10:47:07.898414023 +0200 @@ -1,0 +2,5 @@ +Thu Apr 6 13:00:26 CEST 2017 - ku...@suse.de + +- Remove wrong PreRequires + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2017-03-29 13:20:35.086281157 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2017-04-29 10:47:08.746294239 +0200 @@ -1,0 +2,5 @@ +Thu Apr 6 12:58:53 CEST 2017 - ku...@suse.de + +- Remove wrong PreRequires from krb5 + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.hfVJKZ/_old 2017-04-29 10:47:10.022113998 +0200 +++ /var/tmp/diff_new_pack.hfVJKZ/_new 2017-04-29 10:47:10.022113998 +0200 @@ -63,7 +63,6 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq %description ++ krb5.spec ++ --- /var/tmp/diff_new_pack.hfVJKZ/_old 2017-04-29 10:47:10.050110042 +0200 +++ /var/tmp/diff_new_pack.hfVJKZ/_new 2017-04-29 10:47:10.054109477 +0200 @@ -63,8 +63,6 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build -PreReq: mktemp, grep, /bin/touch, coreutils -PreReq: %fillup_prereq %description Kerberos V5 is a trusted-third-party network authentication system,
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-03-29 13:20:32 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Wed Mar 29 13:20:32 2017 rev:126 rq:478948 version:1.15.1 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2017-01-25 22:32:44.769183615 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-03-29 13:20:34.930303215 +0200 @@ -1,0 +2,25 @@ +Thu Mar 9 20:58:42 UTC 2017 - mich...@stroeder.com + +- use HTTPS project and source URLs + +--- +Thu Mar 9 16:31:41 UTC 2017 - meiss...@suse.com + +- use source urls. +- krb5.keyring: Added Greg Hudson + +--- +Sat Mar 4 21:29:34 UTC 2017 - mich...@stroeder.com + +- removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch +- Upgrade to 1.15.1 + * Allow KDB modules to determine how the e_data field of principal +fields is freed + * Fix udp_preference_limit when the KDC location is configured with +SRV records + * Fix KDC and kadmind startup on some IPv4-only systems + * Fix the processing of PKINIT certificate matching rules which have +two components and no explicit relation + * Improve documentation + +--- krb5.changes: same change Old: krb5-1.15-fix_kdb_free_principal_e_data.patch krb5-1.15.tar.gz krb5-1.15.tar.gz.asc New: krb5-1.15.1.tar.gz krb5-1.15.1.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.HpCTLK/_old 2017-03-29 13:20:37.145989870 +0200 +++ /var/tmp/diff_new_pack.HpCTLK/_new 2017-03-29 13:20:37.145989870 +0200 @@ -16,12 +16,12 @@ # -%define srcRoot krb5-1.15 +%define srcRoot krb5-1.15.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 Name: krb5-mini -Url:http://web.mit.edu/kerberos/www/ +Url:https://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils 
@@ -29,7 +29,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15 +Version:1.15.1 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT @@ -47,9 +47,8 @@ Conflicts: krb5-plugin-kdb-ldap Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp -# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar -Source0:krb5-%{version}.tar.gz -Source1:krb5-%{version}.tar.gz.asc +Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz +Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc Source2:krb5.keyring Source3:vendor-files.tar.bz2 Source4:baselibs.conf @@ -63,8 +62,6 @@ Patch11:krb5-1.12-ksu-path.patch Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch -# http://krbdev.mit.edu/rt/Ticket/Display.html?id=8538 -Patch14:krb5-1.15-fix_kdb_free_principal_e_data.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -108,7 +105,6 @@ %patch11 -p1 %patch12 -p1 %patch13 -p1 -%patch14 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.HpCTLK/_old 2017-03-29 13:20:37.173985911 +0200 +++ /var/tmp/diff_new_pack.HpCTLK/_new 2017-03-29 13:20:37.177985345 +0200 @@ -17,7 +17,7 @@ Name: krb5 -Url:http://web.mit.edu/kerberos/www/ +Url:https://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison BuildRequires: keyutils @@ -25,7 +25,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.15 +Version:1.15.1 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT 
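Review bot: In the new `Source0`/`Source1` lines the directory component `1.15` is written literally while the file name uses `%{version}`, so a later bump to another release series leaves both the tarball URL and its `.asc` URL pointing at the wrong directory; the krb5.spec section carries the same lines. A single `%define krb5_series 1.15` used as `https://web.mit.edu/kerberos/dist/krb5/%{krb5_series}/krb5-%{version}.tar.gz` would keep the two in step. The hunk also drops the only comment saying where the tarball and signature came from, and nothing visible here shows `Source1` being checked against `krb5.keyring`, so it is worth confirming that the signature is actually verified somewhere in the build.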
@@ -46,9 +46,8 @@ Obsoletes: krb5-64bit %endif Conflicts: krb5-mini -# both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar -Source0:krb5-%{version}.tar.gz -Source1:krb5-%{version}.tar.gz.asc +Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz +Source1:
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-02-08 12:11:00 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2017-01-25 22:32:44.853170906 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2017-02-08 12:11:01.383846763 +0100 @@ -1,0 +2,5 @@ +Fri Jan 27 14:50:39 UTC 2017 - bwiedem...@suse.com + +- remove useless environment.pickle to make build-compare happy + +--- Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.aaG9ss/_old 2017-02-08 12:11:03.203590243 +0100 +++ /var/tmp/diff_new_pack.aaG9ss/_new 2017-02-08 12:11:03.207589679 +0100 @@ -321,7 +321,7 @@ # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* -rm -f /usr/share/man/man1/tmac.doc* +rm -f /usr/share/man/man1/tmac.doc* html/.doctrees/environment.pickle rm -rf %{buildroot}/usr/lib/mit/share/examples # manually remove test plugin since configure doesn't support disabling it at build time rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so
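Review bot: The changed cleanup line `rm -f /usr/share/man/man1/tmac.doc* html/.doctrees/environment.pickle` still has no `%{buildroot}` prefix on its first argument, so it acts on the build host's /usr/share/man rather than on the package tree, and the added `html/.doctrees/environment.pickle` is a relative path that only matches if the section happens to run from the directory that holds `html/`. Because `rm -f` is silent when nothing matches, a wrong working directory would leave the pickle in the package without failing the build. The line above already removes the tmac.doc files under `%{buildroot}`, so I would drop the host path and spell the pickle's location out, e.g. `rm -f <directory-containing-html>/html/.doctrees/environment.pickle` with the real directory filled in. The enclosing section starts outside this hunk, so the working directory is inferred here, not visible.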
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2017-01-25 22:32:44 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2016-12-11 13:21:31.468971608 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2017-01-25 22:32:44.769183615 +0100 @@ -1,0 +2,7 @@ +Thu Jan 19 16:01:27 UTC 2017 - a...@cryptomilk.org + +- Introduce patch + krb5-1.15-fix_kdb_free_principal_e_data.patch + to fix freeing of e_data in the kdb principal + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2016-12-11 13:21:31.708937623 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2017-01-25 22:32:44.853170906 +0100 @@ -1,0 +2,7 @@ +Thu Jan 19 15:59:38 UTC 2017 - a...@cryptomilk.org + +- Introduce patch + krb5-1.15-fix_kdb_free_principal_e_data.patch + to fix freeing of e_data in the kdb principal + +--- New: krb5-1.15-fix_kdb_free_principal_e_data.patch Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.PteGJl/_old 2017-01-25 22:32:45.984999627 +0100 +++ /var/tmp/diff_new_pack.PteGJl/_new 2017-01-25 22:32:45.988999022 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -63,6 +63,8 @@ Patch11:krb5-1.12-ksu-path.patch Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch +# http://krbdev.mit.edu/rt/Ticket/Display.html?id=8538 +Patch14:krb5-1.15-fix_kdb_free_principal_e_data.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq 
@@ -106,6 +108,7 @@ %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.PteGJl/_old 2017-01-25 22:32:46.024993575 +0100 +++ /var/tmp/diff_new_pack.PteGJl/_new 2017-01-25 22:32:46.032992365 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2016 SUSE LINUX GmbH, Nuernberg, Germany. +# Copyright (c) 2017 SUSE LINUX GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -63,6 +63,8 @@ Patch11:krb5-1.12-ksu-path.patch Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch +# http://krbdev.mit.edu/rt/Ticket/Display.html?id=8538 +Patch14:krb5-1.15-fix_kdb_free_principal_e_data.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -177,6 +179,7 @@ %patch11 -p1 %patch12 -p1 %patch13 -p1 +%patch14 -p1 %build # needs to be re-generated ++ krb5-1.15-fix_kdb_free_principal_e_data.patch ++ >From 28ca91cd71ea64c62419e996c38031bdae01f908 Mon Sep 17 00:00:00 2001 From: Greg HudsonDate: Wed, 18 Jan 2017 11:40:49 -0500 Subject: [PATCH 1/2] Explicitly copy KDB vtable fields In preparation for bumping the kdb_vftabl minor version, use explicit field assignments when copying the module vtable to the internal copy, so that we can conditionalize assignments for minor versions greater than 0. ticket: 8538 --- src/lib/kdb/kdb5.c | 81 +++--- 1 file changed, 59 insertions(+), 22 deletions(-) diff --git a/src/lib/kdb/kdb5.c b/src/lib/kdb/kdb5.c index a3139a7dce..ee41272312 100644 --- a/src/lib/kdb/kdb5.c +++ b/src/lib/kdb/kdb5.c 
@@ -283,24 +283,63 @@ clean_n_exit: } static void -kdb_setup_opt_functions(db_library lib) -{ -if (lib->vftabl.fetch_master_key == NULL) -lib->vftabl.fetch_master_key = krb5_db_def_fetch_mkey; -if (lib->vftabl.fetch_master_key_list == NULL) -lib->vftabl.fetch_master_key_list = krb5_def_fetch_mkey_list; -if (lib->vftabl.store_master_key_list == NULL) -lib->vftabl.store_master_key_list = krb5_def_store_mkey_list; -if (lib->vftabl.dbe_search_enctype == NULL) -lib->vftabl.dbe_search_enctype = krb5_dbe_def_search_enctype; -if (lib->vftabl.change_pwd == NULL) -lib->vftabl.change_pwd = krb5_dbe_def_cpw; -if
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-11-28 15:02:59 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2016-08-05 18:11:30.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2016-11-28 15:03:00.0 +0100 @@ -1,0 +2,6 @@ +Mon Nov 14 08:36:06 UTC 2016 - christof.ha...@rzg.mpg.de + +- add pam configuration file required for ksu + just use a copy of "su" one from Tumbleweed + +--- New: ksu-pam.d Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.gMwZlS/_old 2016-11-28 15:03:02.0 +0100 +++ /var/tmp/diff_new_pack.gMwZlS/_new 2016-11-28 15:03:02.0 +0100 @@ -53,6 +53,7 @@ Source3:vendor-files.tar.bz2 Source4:baselibs.conf Source5:krb5-rpmlintrc +Source6:ksu-pam.d Patch1: krb5-1.12-pam.patch Patch2: krb5-1.9-manpaths.dif Patch3: krb5-1.12-buildconf.patch @@ -315,6 +316,10 @@ install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif +# link pam-config for su to ksu +mkdir -p %{buildroot}/etc/pam.d/ +install -m 644 %{S:6} %{buildroot}/etc/pam.d/ksu + # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* @@ -462,6 +467,7 @@ %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin +%attr(0644,root,root) %config(noreplace) /etc/pam.d/ksu /usr/lib/mit/bin/kvno /usr/lib/mit/bin/kinit /usr/lib/mit/bin/kdestroy ++ ksu-pam.d ++ #%PAM-1.0 auth sufficient pam_rootok.so auth includecommon-auth account sufficient pam_rootok.so account includecommon-account password includecommon-password session includecommon-session session optional pam_xauth.so
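Review bot: The comment `# link pam-config for su to ksu` does not match what the next lines do: `install -m 644 %{S:6} %{buildroot}/etc/pam.d/ksu` ships a static copy of the su stack, so later changes to su's PAM configuration will not reach ksu, and with `%config(noreplace)` an already-installed file is left as it is on upgrade. Since this file decides how ksu authenticates, I would say so in the spec, e.g. `# install a static copy of su's PAM stack for ksu; re-sync when the su stack changes`. The new ksu-pam.d file has no header comment naming which su configuration it was copied from, which would make that re-sync checkable.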
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-08-05 18:11:29 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2016-07-12 23:44:11.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2016-08-05 18:11:30.0 +0200 @@ -0,0 +1,12 @@ +--- +Fri Jul 22 08:45:19 UTC 2016 - mich...@stroeder.com + +- Upgrade from 1.14.2 to 1.14.3: + * Improve some error messages + * Improve documentation + * Allow a principal with nonexistent policy to bypass the minimum +password lifetime check, consistent with other aspects of +nonexistent policies + * Fix a rare KDC denial of service vulnerability when anonymous client +principals are restricted to obtaining TGTs only [CVE-2016-3120] + --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2016-07-12 23:44:11.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2016-08-05 18:11:30.0 +0200 @@ -1,0 +2,12 @@ +Fri Jul 22 08:45:19 UTC 2016 - mich...@stroeder.com + +- Upgrade from 1.14.2 to 1.14.3: + * Improve some error messages + * Improve documentation + * Allow a principal with nonexistent policy to bypass the minimum +password lifetime check, consistent with other aspects of +nonexistent policies + * Fix a rare KDC denial of service vulnerability when anonymous client +principals are restricted to obtaining TGTs only [CVE-2016-3120] + +--- Old: krb5-1.14.2.tar.gz New: krb5-1.14.3.tar.gz krb5-1.14.3.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.rvGsKV/_old 2016-08-05 18:11:32.0 +0200 +++ /var/tmp/diff_new_pack.rvGsKV/_new 2016-08-05 18:11:32.0 +0200 @@ -16,7 +16,7 @@ # -%define srcRoot krb5-1.14.2 +%define srcRoot krb5-1.14.3 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -29,7 +29,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.14.2 +Version:1.14.3 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT @@ -48,10 +48,11 @@ Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp # both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar -Source: krb5-%{version}.tar.gz -Source43: krb5.keyring -Source1:vendor-files.tar.bz2 -Source2:baselibs.conf +Source0:krb5-%{version}.tar.gz +Source1:krb5-%{version}.tar.gz.asc +Source2:krb5.keyring +Source3:vendor-files.tar.bz2 +Source4:baselibs.conf Source5:krb5-rpmlintrc Patch1: krb5-1.12-pam.patch Patch2: krb5-1.9-manpaths.dif @@ -97,7 +98,7 @@ %prep %setup -q -n %{srcRoot} -%setup -a 1 -T -D -n %{srcRoot} +%setup -a 3 -T -D -n %{srcRoot} %patch1 -p1 %patch2 -p1 %patch3 -p1 @@ -140,7 +141,8 @@ --with-system-et \ --with-system-ss \ --with-system-verto -%{__make} %{?_smp_mflags} + +make %{?_smp_mflags} # Copy kadmin manual page into kadmin.local's due to the split between client and server package cp man/kadmin.man man/kadmin.local.8 ++ krb5.spec ++ --- /var/tmp/diff_new_pack.rvGsKV/_old 2016-08-05 18:11:32.0 +0200 +++ /var/tmp/diff_new_pack.rvGsKV/_new 2016-08-05 18:11:32.0 +0200 @@ -25,7 +25,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.14.2 +Version:1.14.3 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT 
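Review bot: The context comment above the renumbered sources still says the tarball and `.asc` were extracted from `http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar`, which no longer describes a 1.14.3 package now that `Source1:krb5-%{version}.tar.gz.asc` is added. I would replace it with a comment that names the actual origin of the 1.14.3 tarball and its signature, for example `# tarball and detached signature as published upstream for %{version}; signing keys are in krb5.keyring`, if that is the case. The krb5.spec section keeps the same stale comment.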
@@ -47,10 +47,11 @@ %endif Conflicts: krb5-mini # both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar -Source: krb5-%{version}.tar.gz -Source43: krb5.keyring -Source1:vendor-files.tar.bz2 -Source2:baselibs.conf +Source0:krb5-%{version}.tar.gz +Source1:krb5-%{version}.tar.gz.asc +Source2:krb5.keyring +Source3:vendor-files.tar.bz2 +Source4:baselibs.conf Source5:krb5-rpmlintrc Patch1: krb5-1.12-pam.patch Patch2: krb5-1.9-manpaths.dif @@ -167,7 +168,7 @@ %prep %setup -q -n %{srcRoot} -%setup -a 1 -T -D -n %{srcRoot} +%setup -a 3 -T -D -n %{srcRoot}
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-07-12 23:44:09 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2016-05-02 10:43:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2016-07-12 23:44:11.0 +0200 @@ -0,0 +1,7 @@ +-- +Tue May 10 12:41:14 UTC 2016 - h...@suse.com + +- Remove source file ccapi/common/win/OldCC/autolock.hxx + that is not needed and does not carry an acceptable license. + (bsc#968111) + --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2016-05-02 10:43:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2016-07-12 23:44:11.0 +0200 @@ -1,0 +2,21 @@ +Sat Jul 2 11:38:54 UTC 2016 - idon...@suse.com + +- Remove comments breaking post scripts. + +--- +Thu Jun 30 13:34:29 UTC 2016 - fcro...@suse.com + +- Do no use systemd_requires macros in main package, it adds + unneeded dependencies which pulls systemd into minimal chroot. +- Only call %insserv_prereq when building for pre-systemd + distributions. +- Optimise some %post/%postun when only /sbin/ldconfig is called. + +-- +Tue May 10 12:41:14 UTC 2016 - h...@suse.com + +- Remove source file ccapi/common/win/OldCC/autolock.hxx + that is not needed and does not carry an acceptable license. + (bsc#968111) + +--- Old: krb5-1.14.2.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.hlkMhe/_old 2016-07-12 23:44:12.0 +0200 +++ /var/tmp/diff_new_pack.hlkMhe/_new 2016-07-12 23:44:12.0 +0200 
@@ -49,7 +49,6 @@ Conflicts: krb5-plugin-preauth-otp # both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar Source: krb5-%{version}.tar.gz -Source42: krb5-%version.tar.gz.asc Source43: krb5.keyring Source1:vendor-files.tar.bz2 Source2:baselibs.conf ++ krb5.spec ++ --- /var/tmp/diff_new_pack.hlkMhe/_old 2016-07-12 23:44:12.0 +0200 +++ /var/tmp/diff_new_pack.hlkMhe/_new 2016-07-12 23:44:12.0 +0200 @@ -41,7 +41,6 @@ BuildRequires: python-libxml2 BuildRequires: python-lxml BuildRequires: pkgconfig(systemd) -%{?systemd_requires} # bug437293 %ifarch ppc64 Obsoletes: krb5-64bit @@ -49,7 +48,6 @@ Conflicts: krb5-mini # both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar Source: krb5-%{version}.tar.gz -Source42: krb5-%version.tar.gz.asc Source43: krb5.keyring Source1:vendor-files.tar.bz2 Source2:baselibs.conf @@ -92,8 +90,12 @@ Requires: libverto-libev1 Requires: logrotate Requires: perl-Date-Calc +%if 0%{?suse_version} >= 1210 %{?systemd_requires} -PreReq: %insserv_prereq %fillup_prereq +%else +PreReq: %insserv_prereq +%endif +PreReq: %fillup_prereq %description server Kerberos V5 is a trusted-third-party network authentication system, @@ -319,18 +321,9 @@ %find_lang mit-krb5 -# -# krb5 pre/post/postun -# - %post -p /sbin/ldconfig -%postun -/sbin/ldconfig - -# -# krb5-server preun/postun/pre/post -# +%postun -p /sbin/ldconfig %preun server %service_del_preun krb5kdc.service kadmind.service kpropd.service 
@@ -347,18 +340,9 @@ %pre server %service_add_pre krb5kdc.service kadmind.service kpropd.service -# -# krb5-plugin-kdb-ldap post/postun -# - %post plugin-kdb-ldap -p /sbin/ldconfig -%postun plugin-kdb-ldap -/sbin/ldconfig - - -# files sections - +%postun plugin-kdb-ldap -p /sbin/ldconfig %files devel %defattr(-,root,root) ++ krb5-1.14.2.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.14.2.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.14.2.tar.gz differ: char 5, line 1
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-05-02 10:43:55 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2016-04-06 11:50:35.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2016-05-02 10:43:56.0 +0200 @@ -1,0 +2,12 @@ +Thu Apr 28 20:27:37 UTC 2016 - mich...@stroeder.com + +- removed obsolete patches: + * 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch + * krb5-mechglue_inqure_attrs.patch +- Upgrade from 1.14.1 to 1.14.2: + * Fix a moderate-severity vulnerability in the LDAP KDC back end that +could be exploited by a privileged kadmin user [CVE-2016-3119] + * Improve documentation + * Fix some interactions with GSSAPI interposer mechanisms + +--- krb5.changes: same change Old: 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch krb5-1.14.1.tar.gz krb5-1.14.1.tar.gz.asc krb5-mechglue_inqure_attrs.patch New: krb5-1.14.2.tar.gz krb5-1.14.2.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.l8c72Z/_old 2016-05-02 10:43:58.0 +0200 +++ /var/tmp/diff_new_pack.l8c72Z/_new 2016-05-02 10:43:58.0 +0200 @@ -16,7 +16,7 @@ # -%define srcRoot krb5-1.14.1 +%define srcRoot krb5-1.14.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -29,7 +29,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.14.1 +Version:1.14.2 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT @@ -65,7 +65,6 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch15:krb5-fix_interposer.patch -Patch16:krb5-mechglue_inqure_attrs.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq 
@@ -111,7 +110,6 @@ %patch12 -p1 %patch13 -p0 %patch15 -p1 -%patch16 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.l8c72Z/_old 2016-05-02 10:43:58.0 +0200 +++ /var/tmp/diff_new_pack.l8c72Z/_new 2016-05-02 10:43:58.0 +0200 @@ -25,7 +25,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.14.1 +Version:1.14.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT @@ -65,8 +65,6 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch15:krb5-fix_interposer.patch -Patch16:krb5-mechglue_inqure_attrs.patch -Patch107: 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -179,8 +177,6 @@ %patch12 -p1 %patch13 -p0 %patch15 -p1 -%patch16 -p1 -%patch107 -p1 %build # needs to be re-generated ++ krb5-1.14.1.tar.gz -> krb5-1.14.2.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.14.1.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.14.2.tar.gz differ: char 5, line 1
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-04-06 11:50:34 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2016-02-25 21:52:25.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2016-04-06 11:50:35.0 +0200 @@ -1,0 +2,17 @@ +Fri Apr 1 07:45:13 UTC 2016 - h...@suse.com + +- Upgrade from 1.14 to 1.14.1: + * Remove expired patches: +0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch +0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch +0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch +krbdev.mit.edu-8301.patch + * Replace source archives: +krb5-1.14.tar.gz -> +krb5-1.14.1.tar.gz +krb5-1.14.tar.gz.asc -> +krb5-1.14.1.tar.gz.asc + * Adjust line numbers in: +krb5-fix_interposer.patch + +--- krb5.changes: same change Old: 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch krb5-1.14.tar.gz krb5-1.14.tar.gz.asc krbdev.mit.edu-8301.patch New: krb5-1.14.1.tar.gz krb5-1.14.1.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.sJh1ni/_old 2016-04-06 11:50:37.0 +0200 +++ /var/tmp/diff_new_pack.sJh1ni/_new 2016-04-06 11:50:37.0 +0200 @@ -16,7 +16,7 @@ # -%define srcRoot krb5-1.14 +%define srcRoot krb5-1.14.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -29,7 +29,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.14 +Version:1.14.1 Release:0 Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT 
@@ -64,8 +64,6 @@ Patch11:krb5-1.12-ksu-path.patch Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch -# see http://krbdev.mit.edu/rt/Ticket/Display.html?id=8301 -Patch14:krbdev.mit.edu-8301.patch Patch15:krb5-fix_interposer.patch Patch16:krb5-mechglue_inqure_attrs.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build @@ -112,7 +110,6 @@ %patch11 -p1 %patch12 -p1 %patch13 -p0 -%patch14 -p1 %patch15 -p1 %patch16 -p1 ++ krb5.spec ++ --- /var/tmp/diff_new_pack.sJh1ni/_old 2016-04-06 11:50:37.0 +0200 +++ /var/tmp/diff_new_pack.sJh1ni/_new 2016-04-06 11:50:37.0 +0200 @@ -16,10 +16,6 @@ # -%define srcRoot krb5-1.14 -%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ -%define krb5docdir %{_defaultdocdir}/krb5 - Name: krb5 Url:http://web.mit.edu/kerberos/www/ BuildRequires: autoconf @@ -29,7 +25,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.14 +Version:1.14.1 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT @@ -68,13 +64,8 @@ Patch11:krb5-1.12-ksu-path.patch Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch -# see http://krbdev.mit.edu/rt/Ticket/Display.html?id=8301 -Patch14:krbdev.mit.edu-8301.patch Patch15:krb5-fix_interposer.patch Patch16:krb5-mechglue_inqure_attrs.patch -Patch104: 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch -Patch105: 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch -Patch106: 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch Patch107: 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils 
@@ -170,6 +161,10 @@ practice of cleartext passwords. This package includes Libraries and Include Files for Development +%define srcRoot krb5-%{version} +%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ +%define krb5docdir %{_defaultdocdir}/krb5 + %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} @@ -183,12 +178,8 @@ %patch11 -p1 %patch12 -p1 %patch13 -p0 -%patch14 -p1 %patch15 -p1 %patch16 -p1 -%patch104 -p1 -%patch105 -p1 -%patch106 -p1 %patch107 -p1 %build ++ krb5-1.14.tar.gz -> krb5-1.14.1.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.14.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.14.1.tar.gz differ: char 5, line 1 ++ krb5-fix_interposer.patch
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-03-29 09:53:21 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2016-02-25 21:52:26.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2016-03-29 09:53:26.0 +0200 @@ -1,0 +2,7 @@ +Wed Mar 23 13:02:48 UTC 2016 - h...@suse.com + +- Introduce patch + 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch + to fix CVE-2016-3119 (bsc#971942) + +--- New: 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.QoJbbI/_old 2016-03-29 09:53:28.0 +0200 +++ /var/tmp/diff_new_pack.QoJbbI/_new 2016-03-29 09:53:28.0 +0200 @@ -75,6 +75,7 @@ Patch104: 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch Patch105: 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch Patch106: 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch +Patch107: 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -188,6 +189,7 @@ %patch104 -p1 %patch105 -p1 %patch106 -p1 +%patch107 -p1 %build # needs to be re-generated ++ 0107-Fix-LDAP-null-deref-on-empty-arg-CVE-2016-3119.patch ++ >From 08c642c09c38a9c6454ab43a9b53b2a89b9eef99 Mon Sep 17 00:00:00 2001 
From: Greg HudsonDate: Mon, 14 Mar 2016 17:26:34 -0400 Subject: [PATCH] Fix LDAP null deref on empty arg [CVE-2016-3119] In the LDAP KDB module's process_db_args(), strtok_r() may return NULL if there is an empty string in the db_args array. Check for this case and avoid dereferencing a null pointer. CVE-2016-3119: In MIT krb5 1.6 and later, an authenticated attacker with permission to modify a principal entry can cause kadmind to dereference a null pointer by supplying an empty DB argument to the modify_principal command, if kadmind is configured to use the LDAP KDB module. CVSSv2 Vector: AV:N/AC:H/Au:S/C:N/I:N/A:C/E:H/RL:OF/RC:ND ticket: 8383 (new) target_version: 1.14-next target_version: 1.13-next tags: pullup Line numbers are slightly adjusted by Howard Guo to fit into this older version of Kerberos. diff -rupN krb5-1.14/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c krb5-1.14-patched/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c --- krb5-1.14/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2016-03-23 14:00:44.669126353 +0100 +++ krb5-1.14-patched/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c 2016-03-23 14:01:45.993680720 +0100 @@ -267,6 +267,7 @@ process_db_args(krb5_context context, ch if (db_args) { for (i=0; db_args[i]; ++i) { arg = strtok_r(db_args[i], "=", _val); +arg = (arg != NULL) ? arg : ""; if (strcmp(arg, TKTPOLICY_ARG) == 0) { dptr = >tktpolicydn; } else {
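Review bot: The added `arg = (arg != NULL) ? arg : "";` removes the NULL that reached `strcmp()`, but the code gives no reason for substituting an empty string and does not say what is expected to happen to it afterwards. Presumably the empty name matches none of the option comparisons and ends in an unknown-option error further down; process_db_args continues outside this hunk, so that should be confirmed rather than assumed. A comment on the new line would record the intent: `/* strtok_r() returns NULL for an empty db_args entry; use "" so the entry is treated as an unrecognized option */`.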
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-02-25 21:52:19 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2016-01-13 22:44:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2016-02-25 21:52:25.0 +0100 @@ -1,0 +2,8 @@ +Thu Feb 11 15:07:26 UTC 2016 - h...@suse.com + +- Remove krb5 pieces from spec file. + Hence remove pre_checkin.sh +- Remove expired macros and other minor clena-ups in spec file. +- Change package description to explain what "mini" means. + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2016-02-12 11:20:58.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2016-02-25 21:52:26.0 +0100 @@ -1,0 +2,7 @@ +Thu Feb 11 15:06:31 UTC 2016 - h...@suse.com + +- Remove krb5-mini pieces from spec file. + Hence remove pre_checkin.sh +- Remove expired macros and other minor clean-ups in spec file. + +--- Old: pre_checkin.sh Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.IzQOJO/_old 2016-02-25 21:52:29.0 +0100 +++ /var/tmp/diff_new_pack.IzQOJO/_new 2016-02-25 21:52:29.0 +0100 @@ -16,7 +16,6 @@ # -%define build_mini 1 %define srcRoot krb5-1.14 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -32,39 +31,22 @@ BuildRequires: ncurses-devel Version:1.14 Release:0 -Summary:MIT Kerberos5 Implementation--Libraries +Summary:MIT Kerberos5 implementation and libraries with minimal dependencies License:MIT Group: Productivity/Networking/Security Obsoletes: krb5-plugin-preauth-pkinit-nss BuildRequires: libverto-devel -%if ! 0%{?build_mini} -BuildRequires: doxygen -BuildRequires: libopenssl-devel -BuildRequires: openldap2-devel -BuildRequires: pam-devel -BuildRequires: python-Cheetah -BuildRequires: python-Sphinx -BuildRequires: python-libxml2 -BuildRequires: python-lxml -%if 0%{?suse_version} >= 1210 -BuildRequires: pkgconfig(systemd) -%{?systemd_requires} -%else -PreReq: %insserv_prereq -%endif # bug437293 %ifarch ppc64 Obsoletes: krb5-64bit %endif Conflicts: krb5-mini -%else # -mini Conflicts: krb5 Conflicts: krb5-client Conflicts: krb5-server Conflicts: krb5-plugin-kdb-ldap Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-otp -%endif # both tar.gz and .tar.gz.asc extracted from the http://web.mit.edu/kerberos/dist/krb5/1.13/krb5-1.13.2-signed.tar Source: krb5-%{version}.tar.gz Source42: krb5-%version.tar.gz.asc 
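Review bot: After the `%if ! 0%{?build_mini}` / `%else` / `%endif` lines are dropped, `Conflicts: krb5-mini` and the ppc64 `Obsoletes: krb5-64bit` block appear to stay as unconditional context in krb5-mini.spec, although they previously sat in the non-mini branch. If that reading of the collapsed hunk is right, the mini package now declares a conflict with its own name alongside `Conflicts: krb5`; the `Conflicts: krb5-mini` line and, unless it is still wanted for the mini build, the `%ifarch ppc64` … `%endif` block should be removed from this spec. The marker column is partly lost in this rendering, so this should be checked against the resulting file.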
@@ -94,76 +76,8 @@ Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords. - -%if ! %{build_mini} - -%package client -Conflicts: krb5-mini -Summary:MIT Kerberos5 implementation - client programs -Group: Productivity/Networking/Security - -%description client -Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure -practice of cleartext passwords. This package includes some required -client programs, like kinit, kadmin, ... - -%package server -Summary:MIT Kerberos5 implementation - server -Group: Productivity/Networking/Security -Requires: cron -Requires: libverto-libev1 -Requires: logrotate -Requires: perl-Date-Calc -%{?systemd_requires} -PreReq: %insserv_prereq %fillup_prereq - -%description server -Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure -practice of cleartext passwords. This package includes the kdc, kadmind -and more. - -%package plugin-kdb-ldap -Summary:MIT Kerberos5 Implementation--LDAP Database Plugin -Group: Productivity/Networking/Security -Requires: krb5-server = %{version} - -%description plugin-kdb-ldap -Kerberos V5 is a trusted-third-party network authentication system, -which can improve your network's security by eliminating the insecure -practice of clear text passwords. This package contains the LDAP -database plugin. - -%package plugin-preauth-pkinit -Summary:MIT Kerberos5 Implementation--PKINIT preauth Plugin -Group:
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-02-12 11:20:54 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2016-01-13 22:44:01.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2016-02-12 11:20:58.0 +0100 @@ -1,0 +2,13 @@ +Tue Feb 2 08:41:13 UTC 2016 - h...@suse.com + +- Fix CVE-2015-8629: krb5: xdr_nullstring() doesn't check for terminating null character + with patch 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch + (bsc#963968) +- Fix CVE-2015-8631: krb5: Memory leak caused by supplying a null principal name in request + with patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch + (bsc#963975) +- Fix CVE-2015-8630: krb5: krb5 doesn't check for null policy when KADM5_POLICY is set in the mask + with patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch + (bsc#963964) + +--- New: 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.lBxCDu/_old 2016-02-12 11:20:59.0 +0100 +++ /var/tmp/diff_new_pack.lBxCDu/_new 2016-02-12 11:20:59.0 +0100 @@ -86,6 +86,9 @@ Patch14:krbdev.mit.edu-8301.patch Patch15:krb5-fix_interposer.patch Patch16:krb5-mechglue_inqure_attrs.patch +Patch104: 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch +Patch105: 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch +Patch106: 0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq 
@@ -206,6 +209,9 @@ %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch104 -p1 +%patch105 -p1 +%patch106 -p1 %build # needs to be re-generated ++ 0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch ++ >From df17a1224a3406f57477bcd372c61e04c0e5a5bb Mon Sep 17 00:00:00 2001 From: Greg HudsonDate: Fri, 8 Jan 2016 12:45:25 -0500 Subject: [PATCH] Verify decoded kadmin C strings [CVE-2015-8629] In xdr_nullstring(), check that the decoded string is terminated with a zero byte and does not contain any internal zero bytes. CVE-2015-8629: In all versions of MIT krb5, an authenticated attacker can cause kadmind to read beyond the end of allocated memory by sending a string without a terminating zero byte. Information leakage may be possible for an attacker with permission to modify the database. CVSSv2 Vector: AV:N/AC:H/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C ticket: 8341 (new) target_version: 1.14-next target_version: 1.13-next tags: pullup diff --git a/src/lib/kadm5/kadm_rpc_xdr.c b/src/lib/kadm5/kadm_rpc_xdr.c index 2bef858..ba67084 100644 --- a/src/lib/kadm5/kadm_rpc_xdr.c +++ b/src/lib/kadm5/kadm_rpc_xdr.c @@ -64,7 +64,14 @@ bool_t xdr_nullstring(XDR *xdrs, char **objp) return FALSE; } } - return (xdr_opaque(xdrs, *objp, size)); + if (!xdr_opaque(xdrs, *objp, size)) + return FALSE; + /* Check that the unmarshalled bytes are a C string. */ + if ((*objp)[size - 1] != '\0') + return FALSE; + if (memchr(*objp, '\0', size - 1) != NULL) + return FALSE; + return TRUE; case XDR_ENCODE: if (size != 0) -- 2.7.0 ++ 0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch ++ >From 83ed75feba32e46f736fcce0d96a0445f29b96c2 Mon Sep 17 00:00:00 2001 
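Review bot: In the xdr_nullstring() hunk, `(*objp)[size - 1]` and `memchr(*objp, '\0', size - 1)` are only safe when `size` is at least 1, and nothing inside the hunk establishes that; the zero-length case has to be handled earlier in the decode branch, which is outside the hunk. A short comment before the check, such as `/* size is non-zero here; the empty case is handled earlier in this branch. */`, would record that dependency once it is confirmed, or the test could be made self-contained as `if (size == 0 || (*objp)[size - 1] != '\0') return FALSE;`. If this branch allocates `*objp` itself, it is also worth checking that the caller releases it when the new `return FALSE` paths are taken.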
From: Greg Hudson Date: Fri, 8 Jan 2016 13:16:54 -0500 Subject: [PATCH] Fix leaks in kadmin server stubs [CVE-2015-8631] In each kadmind server stub, initialize the client_name and server_name variables, and release them in the cleanup handler. Many of the stubs will otherwise leak the client and server name if krb5_unparse_name() fails. Also make sure to free the prime_arg variables in rename_principal_2_svc(), or we can leak the first one if unparsing the second one fails. Discovered by Simo Sorce. CVE-2015-8631: In all versions of MIT krb5, an authenticated attacker can cause kadmind to leak memory by supplying a null principal name in a request which uses one. Repeating these requests will eventually cause kadmind to exhaust all available memory. CVSSv2 Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2016-01-13 22:43:58 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2015-12-13 09:38:30.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2016-01-13 22:44:01.0 +0100 
@@ -1,0 +2,119 @@ +Mon Jan 11 12:33:54 UTC 2016 - idon...@suse.com + +- Add two patches from Fedora, fixing two crashes: + * krb5-fix_interposer.patch + * krb5-mechglue_inqure_attrs.patch + +--- +Tue Dec 8 20:40:26 UTC 2015 - mich...@stroeder.com + +- Update to 1.14 +- dropped krb5-kvno-230379.patch +- added krbdev.mit.edu-8301.patch fixing wrong function call + +Major changes in 1.14 (2015-11-20) +== + +Administrator experience: + +* Add a new kdb5_util tabdump command to provide reporting-friendly + tabular dump formats (tab-separated or CSV) for the KDC database. + Unlike the normal dump format, each output table has a fixed number + of fields. Some tables include human-readable forms of data that + are opaque in ordinary dump files. This format is also suitable for + importing into relational databases for complex queries. +* Add support to kadmin and kadmin.local for specifying a single + command line following any global options, where the command + arguments are split by the shell--for example, "kadmin getprinc + principalname". Commands issued this way do not prompt for + confirmation or display warning messages, and exit with non-zero + status if the operation fails. +* Accept the same principal flag names in kadmin as we do for the + default_principal_flags kdc.conf variable, and vice versa. Also + accept flag specifiers in the form that kadmin prints, as well as + hexadecimal numbers. +* Remove the triple-DES and RC4 encryption types from the default + value of supported_enctypes, which determines the default key and + salt types for new password-derived keys. By default, keys will + only created only for AES128 and AES256. This mitigates some types + of password guessing attacks. +* Add support for directory names in the KRB5_CONFIG and + KRB5_KDC_PROFILE environment variables. +* Add support for authentication indicators, which are ticket + annotations to indicate the strength of the initial authentication. 
+ Add support for the "require_auth" string attribute, which can be + set on server principal entries to require an indicator when + authenticating to the server. +* Add support for key version numbers larger than 255 in keytab files, + and for version numbers up to 65535 in KDC databases. +* Transmit only one ETYPE-INFO and/or ETYPE-INFO2 entry from the KDC + during pre-authentication, corresponding to the client's most + preferred encryption type. +* Add support for server name identification (SNI) when proxying KDC + requests over HTTPS. +* Add support for the err_fmt profile parameter, which can be used to + generate custom-formatted error messages. + +Code quality: + +* Fix memory aliasing issues in SPNEGO and IAKERB mechanisms that + could cause server crashes. [CVE-2015-2695] [CVE-2015-2696] + [CVE-2015-2698] +* Fix build_principal memory bug that could cause a KDC + crash. [CVE-2015-2697] + +Developer experience: + +* Change gss_acquire_cred_with_password() to acquire credentials into + a private memory credential cache. Applications can use + gss_store_cred() to make the resulting credentials visible to other + processes. +* Change gss_acquire_cred() and SPNEGO not to acquire credentials for + IAKERB or for non-standard variants of the krb5 mechanism OID unless + explicitly requested. (SPNEGO will still accept the Microsoft + variant of the krb5 mechanism OID during negotiation.) +* Change gss_accept_sec_context() not to accept tokens for IAKERB or + for non-standard variants of the krb5 mechanism OID unless an + acceptor credential is acquired for those mechanisms. +* Change gss_acquire_cred() to immediately resolve credentials if the + time_rec parameter is not NULL, so that a correct expiration time + can be returned. Normally credential resolution is delayed until + the target name is known. 
+* Add krb5_prepend_error_message() and krb5_wrap_error_message() APIs, + which can be used by plugin modules or applications to add prefixes + to existing detailed error messages. +* Add krb5_c_prfplus() and krb5_c_derive_prfplus() APIs, which + implement the RFC 6113 PRF+ operation and key derivation using PRF+. +* Add support for pre-authentication mechanisms which use multiple + round trips, using the the KDC_ERR_MORE_PREAUTH_DATA_REQUIRED error
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-12-13 09:38:29 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2015-06-03 08:22:13.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2015-12-13 09:38:30.0 +0100 @@ -1,0 +2,20 @@ +Mon Dec 7 08:04:45 UTC 2015 - mich...@stroeder.com + +- Udapte to 1.13.3 + +Major changes in 1.13.3 (2015-12-04) + + +This is a bug fix release. The krb5-1.13 release series is in +maintenance, and for new deployments, installers should prefer the +krb5-1.14 release series or later. + +* Fix memory aliasing issues in SPNEGO and IAKERB mechanisms that + could cause server crashes. [CVE-2015-2695] [CVE-2015-2696] + [CVE-2015-2698] +* Fix build_principal memory bug that could cause a KDC + crash. [CVE-2015-2697] +* Allow an iprop slave to receive full resyncs from KDCs running + krb5-1.10 or earlier. + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2015-11-15 12:45:44.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-12-13 09:38:30.0 +0100 
@@ -1,0 +2,25 @@ +Mon Dec 7 08:04:45 UTC 2015 - mich...@stroeder.com + +- Udapte to 1.13.3 +- removed patches for security fixes now in upstream source: + 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch + 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch + 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch + 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch + +Major changes in 1.13.3 (2015-12-04) + + +This is a bug fix release. The krb5-1.13 release series is in +maintenance, and for new deployments, installers should prefer the +krb5-1.14 release series or later. + +* Fix memory aliasing issues in SPNEGO and IAKERB mechanisms that + could cause server crashes. [CVE-2015-2695] [CVE-2015-2696] + [CVE-2015-2698] +* Fix build_principal memory bug that could cause a KDC + crash. [CVE-2015-2697] +* Allow an iprop slave to receive full resyncs from KDCs running + krb5-1.10 or earlier. + +--- Old: 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch krb5-1.13.2.tar.gz krb5-1.13.2.tar.gz.asc New: krb5-1.13.3.tar.gz krb5-1.13.3.tar.gz.asc Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.fNv1Y6/_old 2015-12-13 09:38:32.0 +0100 +++ /var/tmp/diff_new_pack.fNv1Y6/_new 2015-12-13 09:38:32.0 +0100 @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.13.2 +%define srcRoot krb5-1.13.3 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.13.2 +Version:1.13.3 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT ++ krb5.spec ++ --- /var/tmp/diff_new_pack.fNv1Y6/_old 2015-12-13 09:38:32.0 +0100 +++ /var/tmp/diff_new_pack.fNv1Y6/_new 2015-12-13 09:38:32.0 +0100 
@@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.13.2 +%define srcRoot krb5-1.13.3 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.13.2 +Version:1.13.3 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT @@ -83,10 +83,6 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch -Patch100: 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch -Patch101: 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch -Patch102: 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch -Patch103: 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -205,10 +201,6 @@ %patch12 -p1 %patch13 -p0 %patch14 -p1 -%patch100 -p1 -%patch101
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-11-15 12:45:42 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2015-11-04 15:30:38.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-11-15 12:45:44.0 +0100 @@ -1,0 +2,7 @@ +Tue Nov 10 14:57:01 UTC 2015 - h...@suse.com + +- Apply patch 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch + to fix a memory corruption regression introduced by resolution of + CVE-2015-2698. bsc#954204 + +--- New: 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.JMVTxM/_old 2015-11-15 12:45:46.0 +0100 +++ /var/tmp/diff_new_pack.JMVTxM/_new 2015-11-15 12:45:46.0 +0100 @@ -86,6 +86,7 @@ Patch100: 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch Patch101: 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch Patch102: 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch +Patch103: 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -207,6 +208,7 @@ %patch100 -p1 %patch101 -p1 %patch102 -p1 +%patch103 -p1 %build # needs to be re-generated ++ 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch ++ >From 3db8dfec1ef50ddd78d6ba9503185995876a39fd Mon Sep 17 00:00:00 2001 
From: Greg HudsonDate: Sun, 1 Nov 2015 22:45:21 -0500 Subject: [PATCH] Fix IAKERB context export/import [CVE-2015-2698] The patches for CVE-2015-2696 contained a regression in the newly added IAKERB iakerb_gss_export_sec_context() function, which could cause it to corrupt memory. Fix the regression by properly dereferencing the context_handle pointer before casting it. Also, the patches did not implement an IAKERB gss_import_sec_context() function, under the erroneous belief that an exported IAKERB context would be tagged as a krb5 context. Implement it now to allow IAKERB contexts to be successfully exported and imported after establishment. CVE-2015-2698: In any MIT krb5 release with the patches for CVE-2015-2696 applied, an application which calls gss_export_sec_context() may experience memory corruption if the context was established using the IAKERB mechanism. Historically, some vulnerabilities of this nature can be translated into remote code execution, though the necessary exploits must be tailored to the individual application and are usually quite complicated. CVSSv2 Vector: AV:N/AC:H/Au:S/C:C/I:C/A:C/E:POC/RL:OF/RC:C ticket: 8273 (new) target_version: 1.14 tags: pullup Line numbers are slightly adjusted by Howard Guo . diff -rupN krb5-1.12.1/src/lib/gssapi/krb5/gssapi_krb5.c krb5-1.12.1-patched/src/lib/gssapi/krb5/gssapi_krb5.c --- krb5-1.12.1/src/lib/gssapi/krb5/gssapi_krb5.c 2015-11-10 15:37:32.209657599 +0100 +++ krb5-1.12.1-patched/src/lib/gssapi/krb5/gssapi_krb5.c 2015-11-10 15:38:52.106323672 +0100 
@@ -945,7 +945,7 @@ static struct gss_config iakerb_mechanis NULL, #else iakerb_gss_export_sec_context, -NULL, +iakerb_gss_import_sec_context, #endif krb5_gss_inquire_cred_by_mech, krb5_gss_inquire_names_for_mech, diff -rupN krb5-1.12.1/src/lib/gssapi/krb5/gssapiP_krb5.h krb5-1.12.1-patched/src/lib/gssapi/krb5/gssapiP_krb5.h --- krb5-1.12.1/src/lib/gssapi/krb5/gssapiP_krb5.h 2015-11-10 15:37:32.209657599 +0100 +++ krb5-1.12.1-patched/src/lib/gssapi/krb5/gssapiP_krb5.h 2015-11-10 15:38:52.106323672 +0100 @@ -1393,6 +1393,11 @@ OM_uint32 KRB5_CALLCONV iakerb_gss_export_sec_context(OM_uint32 *minor_status, gss_ctx_id_t *context_handle, gss_buffer_t interprocess_token); + +OM_uint32 KRB5_CALLCONV +iakerb_gss_import_sec_context(OM_uint32 *minor_status, + const gss_buffer_t interprocess_token, + gss_ctx_id_t *context_handle); #endif /* LEAN_CLIENT */ OM_uint32 KRB5_CALLCONV diff -rupN krb5-1.12.1/src/lib/gssapi/krb5/iakerb.c krb5-1.12.1-patched/src/lib/gssapi/krb5/iakerb.c --- krb5-1.12.1/src/lib/gssapi/krb5/iakerb.c2015-11-10 15:37:32.209657599 +0100 +++ krb5-1.12.1-patched/src/lib/gssapi/krb5/iakerb.c2015-11-10 15:41:43.431752632 +0100 @@ -1061,7 +1061,7 @@ iakerb_gss_export_sec_context(OM_uint32
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-11-04 15:30:36 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is "krb5" Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2015-06-03 08:22:13.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-11-04 15:30:38.0 +0100 @@ -1,0 +2,11 @@ +Wed Oct 28 13:54:39 UTC 2015 - h...@suse.com + +- Make kadmin.local man page available without having to install krb5-client. bsc#948011 +- Apply patch 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch + to fix build_principal memory bug [CVE-2015-2697] bsc#952190 +- Apply patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch + to fix IAKERB context aliasing bugs [CVE-2015-2696] bsc#952189 +- Apply patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch + to fix SPNEGO context aliasing bugs [CVE-2015-2695] bsc#952188 + +--- New: 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.cADNAQ/_old 2015-11-04 15:30:39.0 +0100 +++ /var/tmp/diff_new_pack.cADNAQ/_new 2015-11-04 15:30:39.0 +0100 @@ -83,6 +83,9 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch +Patch100: 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch +Patch101: 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch +Patch102: 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -201,6 +204,9 @@ %patch12 -p1 %patch13 -p0 %patch14 -p1 +%patch100 -p1 +%patch101 -p1 +%patch102 -p1 %build # needs to be re-generated 
@@ -247,6 +253,9 @@ cd .. %endif +# Copy kadmin manual page into kadmin.local's due to the split between client and server package +cp man/kadmin.man man/kadmin.local.8 + %install # Where per-user keytabs live by default. ++ 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch ++ >From f0c094a1b745d91ef2f9a4eae2149aac026a5789 Mon Sep 17 00:00:00 2001 From: Greg HudsonDate: Fri, 25 Sep 2015 12:51:47 -0400 Subject: [PATCH] Fix build_principal memory bug [CVE-2015-2697] In build_principal_va(), use k5memdup0() instead of strdup() to make a copy of the realm, to ensure that we allocate the correct number of bytes and do not read past the end of the input string. This bug affects krb5_build_principal(), krb5_build_principal_va(), and krb5_build_principal_alloc_va(). krb5_build_principal_ext() is not affected. CVE-2015-2697: In MIT krb5 1.7 and later, an authenticated attacker may be able to cause a KDC to crash using a TGS request with a large realm field beginning with a null byte. If the KDC attempts to find a referral to answer the request, it constructs a principal name for lookup using krb5_build_principal() with the requested realm. Due to a bug in this function, the null byte causes only one byte be allocated for the realm field of the constructed principal, far less than its length. Subsequent operations on the lookup principal may cause a read beyond the end of the mapped memory region, causing the KDC process to crash. CVSSv2: AV:N/AC:L/Au:S/C:N/I:N/A:C/E:POC/RL:OF/RC:C ticket: 8252 (new) target_version: 1.14 tags: pullup diff --git a/src/lib/krb5/krb/bld_princ.c b/src/lib/krb5/krb/bld_princ.c index ab6fed8..8604268 100644 --- a/src/lib/krb5/krb/bld_princ.c +++ b/src/lib/krb5/krb/bld_princ.c 
@@ -40,10 +40,8 @@ build_principal_va(krb5_context context, krb5_principal princ, data = malloc(size * sizeof(krb5_data)); if (!data) { retval = ENOMEM; } -if (!retval) { -r = strdup(realm); -if (!r) { retval = ENOMEM; } -} +if (!retval) +r = k5memdup0(realm, rlen, ); while (!retval && (component = va_arg(ap, char *))) { if (count == size) { -- 2.6.2 ++ 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch ++ 729 lines (skipped) ++ 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch ++ >From b51b33f2bc5d1497ddf5bd107f791c101695000d Mon Sep 17 00:00:00 2001 From: Nicolas Williams Date: Mon, 14 Sep 2015 12:27:52 -0400 Subject: [PATCH] Fix SPNEGO context aliasing bugs [CVE-2015-2695] The SPNEGO mechanism currently replaces its
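Review bot: The new `r = k5memdup0(realm, rlen, …)` copy carries no comment saying why a length-counted copy replaced `strdup()`, so a later cleanup could revert it without noticing the security reason. A line such as `/* realm is counted by rlen and may contain NUL bytes; do not use strdup() here. */` above the call would keep that reason next to the code. The hunk does not show where `rlen` comes from, so it is worth confirming that it is the caller-supplied realm length rather than a `strlen()` of the same buffer. build_principal_va() continues outside the hunk.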
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-06-03 08:22:12 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes:
--- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2015-05-29 11:44:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2015-06-03 08:22:13.0 +0200
@@ -1,0 +2,6 @@
+Mon Jun 1 07:38:15 UTC 2015 - h...@suse.com
+
+- Let server depend on libev (module of libverto). This was the
+ embedded implementation before the seperation of libverto from krb.
+
+---
--- /work/SRC/openSUSE:Factory/krb5/krb5.changes2015-05-29 11:44:24.0 +0200
+++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-06-03 08:22:13.0 +0200
@@ -1,0 +2,6 @@
+Mon Jun 1 07:31:52 UTC 2015 - h...@suse.com
+
+- Let server depend on libev (module of libverto). This was the
+ preferred implementation before the seperation of libverto from krb.
+
+---
Other differences: -- ++ krb5-mini.spec ++
--- /var/tmp/diff_new_pack.SFSMcq/_old 2015-06-03 08:22:14.0 +0200
+++ /var/tmp/diff_new_pack.SFSMcq/_new 2015-06-03 08:22:14.0 +0200
@@ -109,6 +109,7 @@
 Summary:MIT Kerberos5 implementation - server
 Group: Productivity/Networking/Security
 Requires: cron
+Requires: libverto-libev1
 Requires: logrotate
 Requires: perl-Date-Calc
 %{?systemd_requires}
krb5.spec: same change
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-05-29 11:44:23 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2015-02-22 17:23:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2015-05-29 11:44:24.0 +0200 @@ -1,0 +2,59 @@ +Thu May 28 08:01:00 UTC 2015 - dims...@opensuse.org + +- Drop libverto and libverto-libev Requires from the -server + package: those package names don't exist and the shared libs + are pulled in automatically. + +--- +Wed May 27 10:59:13 UTC 2015 - dims...@opensuse.org + +- Unconditionally buildrequire libverto-devel: krb5-mini also + depends on it. + +--- +Fri May 22 09:27:11 UTC 2015 - meiss...@suse.com + +- pre_checkin.sh aligned changes between krb5/krb5-mini +- added krb5.keyring + +--- +Tue May 12 07:48:18 UTC 2015 - mich...@stroeder.com + +- update to krb5 1.13.2 + +- DES transition +== + +The Data Encryption Standard (DES) is widely recognized as weak. The +krb5-1.7 release contains measures to encourage sites to migrate away +- From using single-DES cryptosystems. Among these is a configuration +variable that enables weak enctypes, which defaults to false +beginning with krb5-1.8. + + +Major changes in 1.13.2 (2015-05-08) + + +This is a bug fix release. + +* Fix a minor vulnerability in krb5_read_message, which is primarily + used in the BSD-derived kcmd suite of applications. [CVE-2014-5355] + +* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled. + [CVE-2015-2694] + +* Fix some issues with the LDAP KDC database back end. + +* Fix an iteration-related memory leak in the DB2 KDC database back + end. + +* Fix issues with some less-used kadm5.acl functionality. + +* Improve documentation. + +--- +Thu Apr 23 14:13:03 UTC 2015 - h...@suse.com + +- Use externally built libverto + +--- @@ -16,0 +76 @@ + 
@@ -18 +78 @@ -Tue Jan 6 07:20:54 UTC 2015 - m...@suse.com +Tue Jan 6 07:12:29 UTC 2015 - m...@suse.com @@ -52,0 +113,12 @@ +--- +Thu Sep 25 12:48:32 UTC 2014 - dd...@suse.com + +- Work around replay cache creation race; (bnc#898439). + krb5-1.13-work-around-replay-cache-creation-race.patch + +--- +Tue Sep 23 13:25:33 UTC 2014 - vark...@suse.com + +- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal +- added patches: + * bnc#897874-CVE-2014-5351.diff --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2015-02-22 17:23:32.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-05-29 11:44:24.0 +0200 
@@ -1,0 +2,59 @@ +Thu May 28 08:01:00 UTC 2015 - dims...@opensuse.org + +- Drop libverto and libverto-libev Requires from the -server + package: those package names don't exist and the shared libs + are pulled in automatically. + +--- +Wed May 27 10:59:13 UTC 2015 - dims...@opensuse.org + +- Unconditionally buildrequire libverto-devel: krb5-mini also + depends on it. + +--- +Fri May 22 09:27:11 UTC 2015 - meiss...@suse.com + +- pre_checkin.sh aligned changes between krb5/krb5-mini +- added krb5.keyring + +--- +Tue May 12 07:48:18 UTC 2015 - mich...@stroeder.com + +- update to krb5 1.13.2 + +- DES transition +== + +The Data Encryption Standard (DES) is widely recognized as weak. The +krb5-1.7 release contains measures to encourage sites to migrate away +- From using single-DES cryptosystems. Among these is a configuration +variable that enables weak enctypes, which defaults to false +beginning with krb5-1.8. + + +Major changes in 1.13.2 (2015-05-08) + + +This is a bug fix release. + +* Fix a minor vulnerability in krb5_read_message, which is primarily + used in the BSD-derived kcmd suite of applications. [CVE-2014-5355] + +* Fix a bypass of requires_preauth in KDCs that have PKINIT enabled. + [CVE-2015-2694] + +* Fix some issues with the LDAP KDC database back end. + +* Fix an iteration-related memory leak in the DB2 KDC database back + end. + +* Fix issues
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-02-22 17:23:32 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2015-01-08 23:01:08.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2015-02-22 17:23:32.0 +0100 @@ -1,0 +2,16 @@ +Wed Feb 18 11:48:46 UTC 2015 - mich...@stroeder.com + +- update to krb5 1.13.1 + +Major changes in 1.13.1 (2015-02-11) + + +This is a bug fix release. + +* Fix multiple vulnerabilities in the LDAP KDC back end. + [CVE-2014-5354] [CVE-2014-5353] + +* Fix multiple kadmind vulnerabilities, some of which are based in the + gssrpc library. [CVE-2014-5352 CVE-2014-5352 CVE-2014-9421 + CVE-2014-9422 CVE-2014-9423] +--- krb5.changes: same change Old: krb5-1.13.tar.gz New: krb5-1.13.1.tar.gz Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.xXxEzB/_old 2015-02-22 17:23:34.0 +0100 +++ /var/tmp/diff_new_pack.xXxEzB/_new 2015-02-22 17:23:34.0 +0100 @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.13 +%define srcRoot krb5-1.13.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.13 +Version:1.13.1 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT ++ krb5.spec ++ --- /var/tmp/diff_new_pack.xXxEzB/_old 2015-02-22 17:23:34.0 +0100 +++ /var/tmp/diff_new_pack.xXxEzB/_new 2015-02-22 17:23:34.0 +0100 @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.13 +%define srcRoot krb5-1.13.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.13 +Version:1.13.1 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT ++ krb5-1.13.tar.gz - krb5-1.13.1.tar.gz ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.13.tar.gz /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.13.1.tar.gz differ: char 5, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2015-01-08 23:01:05 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-09-03 20:09:20.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2015-01-08 23:01:08.0 +0100 
@@ -1,0 +2,36 @@
+Tue Jan 6 07:20:54 UTC 2015 - m...@suse.com
+
+- Update to krb5 1.13
+ * Add support for accessing KDCs via an HTTPS proxy server using the
+MS-KKDCP protocol.
+ * Add support for hierarchical incremental propagation, where slaves
+can act as intermediates between an upstream master and other downstream
+slaves.
+ * Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf
+files in addition to /etc/gss/mech.
+ * Add support to the LDAP KDB module for binding to the LDAP server using
+SASL.
+ * The KDC listens for TCP connections by default.
+ * Fix a minor key disclosure vulnerability where using the keepold option
+to the kadmin randkey operation could return the old keys. [CVE-2014-5351]
+ * Add client support for the Kerberos Cache Manager protocol. If the host
+is running a Heimdal kcm daemon, caches served by the daemon can be
+accessed with the KCM: cache type.
+ * When built on OS X 10.7 and higher, use KCM: as the default cache type,
+unless overridden by command-line options or krb5-config values.
+ * Add support for doing unlocked database dumps for the DB2 KDC back end,
+which would allow the KDC and kadmind to continue accessing the database
+during lengthy database dumps.
+- Removed patches, useless or upstreamed
+ * krb5-1.9-kprop-mktemp.patch
+ * krb5-1.10-ksu-access.patch
+ * krb5-1.12-doxygen.patch
+ * bnc#897874-CVE-2014-5351.diff
+ * krb5-1.13-work-around-replay-cache-creation-race.patch
+ * krb5-1.10-kpasswd_tcp.patch
+- Refreshed patches
+ * krb5-1.12-pam.patch
+ * krb5-1.12-selinux-label.patch
+ * krb5-1.7-doublelog.patch
+
+---
--- /work/SRC/openSUSE:Factory/krb5/krb5.changes2014-10-05 20:27:21.0 +0200
+++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2015-01-08 23:01:08.0 +0100
@@ -1,0 +2,36 @@
+Tue Jan 6 07:12:29 UTC 2015 - m...@suse.com
+
+- Update to krb5 1.13
+ * Add support for accessing KDCs via an HTTPS proxy server using the
+MS-KKDCP protocol.
+ * Add support for hierarchical incremental propagation, where slaves
+can act as intermediates between an upstream master and other downstream
+slaves.
+ * Add support for configuring GSS mechanisms using /etc/gss/mech.d/*.conf
+files in addition to /etc/gss/mech.
+ * Add support to the LDAP KDB module for binding to the LDAP server using
+SASL.
+ * The KDC listens for TCP connections by default.
+ * Fix a minor key disclosure vulnerability where using the keepold option
+to the kadmin randkey operation could return the old keys. [CVE-2014-5351]
+ * Add client support for the Kerberos Cache Manager protocol. If the host
+is running a Heimdal kcm daemon, caches served by the daemon can be
+accessed with the KCM: cache type.
+ * When built on OS X 10.7 and higher, use KCM: as the default cache type,
+unless overridden by command-line options or krb5-config values.
+ * Add support for doing unlocked database dumps for the DB2 KDC back end,
+which would allow the KDC and kadmind to continue accessing the database
+during lengthy database dumps.
+- Removed patches, useless or upstreamed + * krb5-1.9-kprop-mktemp.patch + * krb5-1.10-ksu-access.patch + * krb5-1.12-doxygen.patch + * bnc#897874-CVE-2014-5351.diff + * krb5-1.13-work-around-replay-cache-creation-race.patch + * krb5-1.10-kpasswd_tcp.patch +- Refreshed patches + * krb5-1.12-pam.patch + * krb5-1.12-selinux-label.patch + * krb5-1.7-doublelog.patch + +--- Old: bnc#897874-CVE-2014-5351.diff krb5-1.10-kpasswd_tcp.patch krb5-1.10-ksu-access.patch krb5-1.12-doxygen.patch krb5-1.12.2.tar.gz krb5-1.13-work-around-replay-cache-creation-race.patch krb5-1.9-kprop-mktemp.patch New: krb5-1.13.tar.gz Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.MFJ7W8/_old 2015-01-08 23:01:10.0 +0100 +++ /var/tmp/diff_new_pack.MFJ7W8/_new 2015-01-08 23:01:10.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2014 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2015 SUSE LINUX Products GmbH,
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-10-05 20:27:19 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2014-09-28 19:56:39.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-10-05 20:27:21.0 +0200 @@ -1,0 +2,6 @@ +Thu Sep 25 12:48:32 UTC 2014 - dd...@suse.com + +- Work around replay cache creation race; (bnc#898439). + krb5-1.13-work-around-replay-cache-creation-race.patch + +--- New: krb5-1.13-work-around-replay-cache-creation-race.patch Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.5WykFm/_old 2014-10-05 20:27:23.0 +0200 +++ /var/tmp/diff_new_pack.5WykFm/_new 2014-10-05 20:27:23.0 +0200 @@ -84,6 +84,7 @@ Patch14:krb5-kvno-230379.patch Patch20:krb5-1.12-doxygen.patch Patch21:bnc#897874-CVE-2014-5351.diff +Patch22:krb5-1.13-work-around-replay-cache-creation-race.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -205,6 +206,7 @@ %patch14 -p1 %patch20 -p1 %patch21 -p1 +%patch22 -p1 %build # needs to be re-generated ++ krb5-1.13-work-around-replay-cache-creation-race.patch ++ From 99e08376c14240e2141c6fa9289fafab8245c754 Mon Sep 17 00:00:00 2001 
From: Greg Hudson ghud...@mit.edu Date: Wed, 17 Sep 2014 10:45:28 -0400 Subject: [PATCH] Work around replay cache creation race If two processes try to initialize the same replay cache at the same time, krb5_rc_io_creat can race between unlink and open, leading to a KRB5_RC_IO_PERM error. When this happens, make the losing process retry so that it can continue. This does not solve the replay cache creation race, nor is that the only replay cache race issue. It simply prevents the race from causing a spurious failure. (cherry picked from commit c61e8c0c6ad5fda8d23dd896c4aed0ac5b470020) ticket: 3498 version_fixed: 1.13 status: resolved --- src/lib/krb5/rcache/rc_io.c | 12 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/src/lib/krb5/rcache/rc_io.c b/src/lib/krb5/rcache/rc_io.c index 7e3b7e9..b9859fe 100644 --- a/src/lib/krb5/rcache/rc_io.c +++ b/src/lib/krb5/rcache/rc_io.c @@ -158,7 +158,7 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) { krb5_int16 rc_vno = htons(KRB5_RC_VNO); krb5_error_code retval = 0; -int do_not_unlink = 0; +int flags, do_not_unlink = 0; char *dir; size_t dirlen; @@ -166,9 +166,13 @@ krb5_rc_io_creat(krb5_context context, krb5_rc_iostuff *d, char **fn) if (fn *fn) { if (asprintf(d-fn, %s%s%s, dir, PATH_SEPARATOR, *fn) 0) return KRB5_RC_IO_MALLOC; -unlink(d-fn); -d-fd = THREEPARAMOPEN(d-fn, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | - O_BINARY, 0600); +d-fd = -1; +do { +if (unlink(d-fn) == -1 errno != ENOENT) +break; +flags = O_WRONLY | O_CREAT | O_TRUNC | O_EXCL | O_BINARY; +d-fd = THREEPARAMOPEN(d-fn, flags, 0600); +} while (d-fd == -1 errno == EEXIST); } else { retval = krb5_rc_io_mkstemp(context, d, dir); if (retval) -- 1.8.4.5 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
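Review bot: The do/while added to krb5_rc_io_creat in the `@@ -166,9 +166,13 @@` hunk retries for as long as the open reports EEXIST, with no cap on iterations, so several processes that keep re-creating the same replay cache name could in principle keep each other in the loop. The commit message already states that the race itself is not solved; bounding the retry keeps the workaround from trading a spurious failure for a spin, e.g. `} while (d->fd == -1 && errno == EEXIST && ++tries < MAX_CREAT_TRIES);`, where `tries` and `MAX_CREAT_TRIES` are illustrative names. When unlink() fails with anything other than ENOENT the loop breaks with d->fd still -1 and errno set by unlink(), so the error mapping that follows this branch (outside the hunk) should be checked to confirm it reports that errno sensibly. The extracted text has lost `->` and `&&`; the quoted line uses the presumed original operators.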
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-09-28 19:56:34 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2014-09-03 20:09:20.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-09-28 19:56:39.0 +0200 @@ -1,0 +2,6 @@ +Tue Sep 23 13:25:33 UTC 2014 - vark...@suse.com + +- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal +- added patches: + * bnc#897874-CVE-2014-5351.diff +--- New: bnc#897874-CVE-2014-5351.diff Other differences: -- ++ krb5.spec ++ --- /var/tmp/diff_new_pack.AjAvvf/_old 2014-09-28 19:56:41.0 +0200 +++ /var/tmp/diff_new_pack.AjAvvf/_new 2014-09-28 19:56:41.0 +0200 @@ -83,6 +83,7 @@ Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch Patch20:krb5-1.12-doxygen.patch +Patch21:bnc#897874-CVE-2014-5351.diff BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -203,6 +204,7 @@ %patch13 -p0 %patch14 -p1 %patch20 -p1 +%patch21 -p1 %build # needs to be re-generated ++ bnc#897874-CVE-2014-5351.diff ++ diff --git a/src/lib/kadm5/srv/svr_principal.c b/src/lib/kadm5/srv/svr_principal.c index 5d358bd..d4e74cc 100644 --- a/src/lib/kadm5/srv/svr_principal.c +++ b/src/lib/kadm5/srv/svr_principal.c @@ -344,6 +344,20 @@ check_1_6_dummy(kadm5_principal_ent_t entry, long mask, *passptr = NULL; } +/* Return the number of keys with the newest kvno. Assumes that all key data + * with the newest kvno are at the front of the key data array. */ +static int +count_new_keys(int n_key_data, krb5_key_data *key_data) +{ +int n; + +for (n = 1; n n_key_data; n++) { +if (key_data[n - 1].key_data_kvno != key_data[n].key_data_kvno) +return n; +} +return n_key_data; +} + kadm5_ret_t kadm5_create_principal(void *server_handle, kadm5_principal_ent_t entry, long mask, 
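Review bot: count_new_keys depends on an ordering invariant (all newest-kvno entries first) that its comment states but nothing checks, and the CVE-2014-5351 fix at the call site in kadm5_randkey_principal_3 (the `@@ -1686,8 +1700,9 @@` hunk) relies on it to keep old keys out of the returned keyblocks. A regression test that runs randkey with keepold and asserts that the number of returned keys equals the number of newly generated keys would pin this; no test is part of the visible patch. The comment could also name who guarantees the order, e.g. `/* krb5_dbe_crk() is expected to place the newly generated keys first; re-check if that code changes. */`, which is an inference from the call-site comment rather than something this hunk shows. For an n_key_data of 0 or 1 the loop body never runs and the function returns n_key_data, which looks intended.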
@@ -1593,7 +1607,7 @@ kadm5_randkey_principal_3(void *server_handle, osa_princ_ent_rec adb; krb5_int32 now; kadm5_policy_ent_recpol; -int ret, last_pwd; +int ret, last_pwd, n_new_keys; krb5_booleanhave_pol = FALSE; kadm5_server_handle_t handle = server_handle; krb5_keyblock *act_mkey; @@ -1686,8 +1700,9 @@ kadm5_randkey_principal_3(void *server_handle, kdb-fail_auth_count = 0; if (keyblocks) { -ret = decrypt_key_data(handle-context, - kdb-n_key_data, kdb-key_data, +/* Return only the new keys added by krb5_dbe_crk. */ +n_new_keys = count_new_keys(kdb-n_key_data, kdb-key_data); +ret = decrypt_key_data(handle-context, n_new_keys, kdb-key_data, keyblocks, n_keys); if (ret) goto done; -- 1.8.5.2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-09-03 18:21:36 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-08-20 17:53:42.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-09-03 20:09:20.0 +0200 
@@ -1,0 +2,33 @@ +Sat Aug 30 22:29:28 UTC 2014 - andreas.stie...@gmx.de + +- krb5 5.12.2: + * Work around a gcc optimizer bug that could cause DB2 KDC +database operations to spin in an infinite loop + * Fix a backward compatibility problem with the LDAP KDB schema +that could prevent krb5-1.11 and later from decoding entries +created by krb5-1.6. + * Avoid an infinite loop under some circumstances when the GSS +mechglue loads a dynamic mechanism. + * Fix krb5kdc argument parsing so -w and -r options work +togetherreliably. +- Vulnerability fixes previously fixed in package via patches: + * Handle certain invalid RFC 1964 GSS tokens correctly to avoid +invalid memory reference vulnerabilities. [CVE-2014-4341 +CVE-2014-4342] + * Fix memory management vulnerabilities in GSSAPI SPNEGO. +[CVE-2014-4343 CVE-2014-4344] + * Fix buffer overflow vulnerability in LDAP KDB back end. +[CVE-2014-4345] +- updated patches: + * krb5-1.7-doublelog.patch for context change + * krb5-1.6.3-ktutil-manpage.dif, same +- removed patches, in upstream: + * krb5-master-keyring-kdcsync.patch + * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch + * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch + * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch + * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch +- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch + from upstream + +--- krb5.changes: same change Old: krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch krb5-1.12.1.tar.gz krb5-master-keyring-kdcsync.patch New: krb5-1.12-doxygen.patch krb5-1.12.2.tar.gz Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.1diBgX/_old 2014-09-03 20:09:22.0 +0200 +++ /var/tmp/diff_new_pack.1diBgX/_new 2014-09-03 20:09:22.0 +0200 
@@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.12.1 +%define srcRoot krb5-1.12.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.12.1 +Version:1.12.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT @@ -82,11 +82,7 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch -Patch15:krb5-master-keyring-kdcsync.patch -Patch16:krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch -Patch17:krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch -Patch18:krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch -Patch19: krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch +Patch20:krb5-1.12-doxygen.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -206,11 +202,7 @@ %patch12 -p1 %patch13 -p0 %patch14 -p1 -%patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 +%patch20 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.1diBgX/_old 2014-09-03 20:09:22.0 +0200 +++ /var/tmp/diff_new_pack.1diBgX/_new 2014-09-03 20:09:22.0 +0200 @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.12.1 +%define srcRoot krb5-1.12.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.12.1 +Version:1.12.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT @@ -82,11 +82,7 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch -Patch15:
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-08-20 17:53:40 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-08-06 11:42:17.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-08-20 17:53:42.0 +0200 @@ -1,0 +2,7 @@ +Fri Aug 8 15:55:01 UTC 2014 - ckornac...@suse.com + +- buffer overrun in kadmind with LDAP backend + CVE-2014-4345 (bnc#891082) + krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch + +--- krb5.changes: same change New: krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.zcOpXr/_old 2014-08-20 17:53:44.0 +0200 +++ /var/tmp/diff_new_pack.zcOpXr/_new 2014-08-20 17:53:44.0 +0200 @@ -86,6 +86,7 @@ Patch16:krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch Patch17:krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Patch18:krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch +Patch19: krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -209,6 +210,7 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.zcOpXr/_old 2014-08-20 17:53:44.0 +0200 +++ /var/tmp/diff_new_pack.zcOpXr/_new 2014-08-20 17:53:44.0 +0200 @@ -86,6 +86,7 @@ Patch16:krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch Patch17:krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch Patch18:krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch +Patch19: krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq 
@@ -209,6 +210,7 @@ %patch16 -p1 %patch17 -p1 %patch18 -p1 +%patch19 -p1 %build # needs to be re-generated ++ krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch ++ diff --git a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c index ce851ea..df5934c 100644 --- a/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c +++ b/src/plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c @@ -456,7 +456,8 @@ krb5_encode_krbsecretkey(krb5_key_data *key_data_in, int n_key_data, j++; last = i + 1; -currkvno = key_data[i].key_data_kvno; +if (i n_key_data - 1) +currkvno = key_data[i + 1].key_data_kvno; } } ret[num_versions] = NULL; -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
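Review bot: The guarded assignment in krb5_encode_krbsecretkey carries no comment explaining why it reads key_data[i + 1] rather than key_data[i], and that one line is the whole CVE-2014-4345 fix. Since `last = i + 1` just above marks where the next group starts, a comment such as `/* Next group starts at i + 1; take its kvno, unless key_data[i] was the last entry. */` would keep a later cleanup from reverting it. The loop header and the allocation of `ret` sit outside the hunk, so whether `num_versions` is computed with the same grouping rule cannot be confirmed from here and is worth checking alongside. The extracted condition has lost its `<`; `if (i < n_key_data - 1)` is the presumed original.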
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-08-06 11:42:15 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-07-27 08:25:45.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-08-06 11:42:17.0 +0200 @@ -1,0 +2,8 @@ +Mon Jul 28 09:22:06 UTC 2014 - ckornac...@suse.com + +- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697) + krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch + Fix null deref in SPNEGO acceptor [CVE-2014-4344] + krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch + +--- krb5.changes: same change New: krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.0GDPhw/_old 2014-08-06 11:42:19.0 +0200 +++ /var/tmp/diff_new_pack.0GDPhw/_new 2014-08-06 11:42:19.0 +0200 @@ -84,6 +84,8 @@ Patch14:krb5-kvno-230379.patch Patch15:krb5-master-keyring-kdcsync.patch Patch16:krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch +Patch17:krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch +Patch18:krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -205,6 +207,8 @@ %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 +%patch18 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.0GDPhw/_old 2014-08-06 11:42:19.0 +0200 +++ /var/tmp/diff_new_pack.0GDPhw/_new 2014-08-06 11:42:19.0 +0200 
@@ -84,6 +84,8 @@ Patch14:krb5-kvno-230379.patch Patch15:krb5-master-keyring-kdcsync.patch Patch16:krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch +Patch17:krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch +Patch18:krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %fillup_prereq @@ -205,6 +207,8 @@ %patch14 -p1 %patch15 -p1 %patch16 -p1 +%patch17 -p1 +%patch18 -p1 %build # needs to be re-generated ++ krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch ++ From f18ddf5d82de0ab7591a36e465bc24225776940f Mon Sep 17 00:00:00 2001 
From: David Woodhouse david.woodho...@intel.com Date: Tue, 15 Jul 2014 12:54:15 -0400 Subject: [PATCH] Fix double-free in SPNEGO [CVE-2014-4343] In commit cd7d6b08 (Verify acceptor's mech in SPNEGO initiator) the pointer sc->internal_mech became an alias into sc->mech_set->elements, which should be considered constant for the duration of the SPNEGO context. So don't free it. CVE-2014-4343: In MIT krb5 releases 1.10 and newer, an unauthenticated remote attacker with the ability to spoof packets appearing to be from a GSSAPI acceptor can cause a double-free condition in GSSAPI initiators (clients) which are using the SPNEGO mechanism, by returning a different underlying mechanism than was proposed by the initiator. At this stage of the negotiation, the acceptor is unauthenticated, and the acceptor's response could be spoofed by an attacker with the ability to inject traffic to the initiator. Historically, some double-free vulnerabilities can be translated into remote code execution, though the necessary exploits must be tailored to the individual application and are usually quite complicated. Double-frees can also be exploited to cause an application crash, for a denial of service. However, most GSSAPI client applications are not vulnerable, as the SPNEGO mechanism is not used by default (when GSS_C_NO_OID is passed as the mech_type argument to gss_init_sec_context()). The most common use of SPNEGO is for HTTP-Negotiate, used in web browsers and other web clients. Most such clients are believed to not offer HTTP-Negotiate by default, instead requiring a whitelist of sites for which it may be used to be configured. If the whitelist is configured to only allow HTTP-Negotiate over TLS connections ("https://"), a successful attacker must also spoof the web server's SSL certificate, due to the way the WWW-Authenticate header is sent in a 401 (Unauthorized) response message. 
Unfortunately, many instructions for enabling HTTP-Negotiate in common web browsers do not include a TLS requirement. CVSSv2 Vector:
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-07-27 08:25:40 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-02-19 11:39:17.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-07-27 08:25:45.0 +0200 @@ -2 +2,19 @@ -Tue Feb 18 15:27:15 UTC 2014 - ckornac...@suse.com +Sat Jul 19 12:38:21 UTC 2014 - p.drou...@gmail.com + +- Do not depend of insserv if systemd is used + +--- +Thu Jul 10 15:59:52 UTC 2014 - ckornac...@suse.com + +- denial of service flaws when handling RFC 1964 tokens (bnc#886016) + krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch +- start krb5kdc after slapd (bnc#886102) + +--- +Fri Jun 6 11:08:08 UTC 2014 - ckornac...@suse.com + +- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674) + similar functionality is provided by krb5-plugin-preauth-pkinit + +--- +Tue Feb 18 15:25:57 UTC 2014 - ckornac...@suse.com @@ -7 +25 @@ -Tue Jan 21 14:28:05 UTC 2014 - ckornac...@suse.com +Tue Jan 21 14:23:37 UTC 2014 - ckornac...@suse.com @@ -28 +46 @@ -Mon Jan 13 15:40:18 UTC 2014 - ckornac...@suse.com +Mon Jan 13 15:37:16 UTC 2014 - ckornac...@suse.com --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2014-02-19 11:39:17.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-07-27 08:25:45.0 +0200 
@@ -1,0 +2,18 @@ +Sat Jul 19 12:38:21 UTC 2014 - p.drou...@gmail.com + +- Do not depend of insserv if systemd is used + +--- +Thu Jul 10 15:59:52 UTC 2014 - ckornac...@suse.com + +- denial of service flaws when handling RFC 1964 tokens (bnc#886016) + krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch +- start krb5kdc after slapd (bnc#886102) + +--- +Fri Jun 6 11:08:08 UTC 2014 - ckornac...@suse.com + +- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674) + similar functionality is provided by krb5-plugin-preauth-pkinit + +--- New: krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.3rs6QU/_old 2014-07-27 08:25:46.0 +0200 +++ /var/tmp/diff_new_pack.3rs6QU/_new 2014-07-27 08:25:46.0 +0200 @@ -35,6 +35,7 @@ Summary:MIT Kerberos5 Implementation--Libraries License:MIT Group: Productivity/Networking/Security +Obsoletes: krb5-plugin-preauth-pkinit-nss %if ! 0%{?build_mini} BuildRequires: doxygen BuildRequires: libopenssl-devel @@ -47,6 +48,8 @@ %if 0%{?suse_version} = 1210 BuildRequires: pkgconfig(systemd) %{?systemd_requires} +%else +PreReq: %insserv_prereq %endif # bug437293 %ifarch ppc64 @@ -80,9 +83,10 @@ Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch Patch15:krb5-master-keyring-kdcsync.patch +Patch16:krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils -PreReq: %insserv_prereq %fillup_prereq +PreReq: %fillup_prereq %description Kerberos V5 is a trusted-third-party network authentication system, @@ -200,6 +204,7 @@ %patch13 -p0 %patch14 -p1 %patch15 -p1 +%patch16 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.3rs6QU/_old 2014-07-27 08:25:46.0 +0200 +++ /var/tmp/diff_new_pack.3rs6QU/_new 2014-07-27 08:25:46.0 +0200 
@@ -35,6 +35,7 @@ Summary:MIT Kerberos5 Implementation--Libraries License:MIT Group: Productivity/Networking/Security +Obsoletes: krb5-plugin-preauth-pkinit-nss %if ! 0%{?build_mini} BuildRequires: doxygen BuildRequires: libopenssl-devel @@ -47,6 +48,8 @@ %if 0%{?suse_version} = 1210 BuildRequires: pkgconfig(systemd) %{?systemd_requires} +%else +PreReq: %insserv_prereq %endif # bug437293 %ifarch ppc64 @@ -80,9 +83,10 @@ Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch Patch15:krb5-master-keyring-kdcsync.patch +Patch16:krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils -PreReq: %insserv_prereq %fillup_prereq +PreReq:
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-02-19 11:39:16 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-01-29 07:15:28.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-02-19 11:39:17.0 +0100 @@ -1,0 +2,5 @@ +Tue Feb 18 15:27:15 UTC 2014 - ckornac...@suse.com + +- don't deliver SysV init files to systemd distributions + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2014-01-29 07:15:28.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-02-19 11:39:17.0 +0100 @@ -1,0 +2,5 @@ +Tue Feb 18 15:25:57 UTC 2014 - ckornac...@suse.com + +- don't deliver SysV init files to systemd distributions + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.5p67U2/_old 2014-02-19 11:39:18.0 +0100 +++ /var/tmp/diff_new_pack.5p67U2/_new 2014-02-19 11:39:18.0 +0100 @@ -46,6 +46,7 @@ BuildRequires: python-lxml %if 0%{?suse_version} = 1210 BuildRequires: pkgconfig(systemd) +%{?systemd_requires} %endif # bug437293 %ifarch ppc64 
@@ -287,17 +288,18 @@ done # and binaries too chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu -# install init scripts -mkdir -p %{buildroot}%{_sysconfdir}/init.d -install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind -install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc -install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd # install systemd files %if 0%{?suse_version} = 1210 mkdir -p %{buildroot}%{_unitdir} install -m 644 %{vendorFiles}/kadmind.service %{buildroot}%{_unitdir} install -m 644 %{vendorFiles}/krb5kdc.service %{buildroot}%{_unitdir} install -m 644 %{vendorFiles}/kpropd.service %{buildroot}%{_unitdir} +%else +# install init scripts +mkdir -p %{buildroot}%{_sysconfdir}/init.d +install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind +install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc +install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd %endif # install sysconfig templates mkdir -p $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates 
@@ -310,9 +312,21 @@ # create rc* links mkdir -p %{buildroot}/usr/bin/ mkdir -p %{buildroot}/usr/sbin/ +%if 0%{?suse_version} = 1210 +%if 0%{?suse_version} 1220 +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckadmind +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckrb5kdc +ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckpropd +%else +ln -s /sbin/service %{buildroot}%{_sbindir}/rckadmind +ln -s /sbin/service %{buildroot}%{_sbindir}/rckrb5kdc +ln -s /sbin/service %{buildroot}%{_sbindir}/rcpropd +%endif +%else ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/sbin/rckadmind ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/sbin/rckrb5kdc ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/sbin/rckpropd +%endif # create links for kinit and klist, because of the java ones ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist @@ -487,11 +501,12 @@ %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* %{_var}/adm/fillup-templates/sysconfig.* -%{_sysconfdir}/init.d/* %if 0%{?suse_version} = 1210 %{_unitdir}/kadmind.service %{_unitdir}/krb5kdc.service %{_unitdir}/kpropd.service +%else +%{_sysconfdir}/init.d/* %endif %{_libdir}/libgssapi_krb5.* %{_libdir}/libgssrpc.so.* @@ -580,13 +595,14 @@ %defattr(-,root,root) %attr(0700,root,root) %dir /var/log/krb5 %config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server -%{_sysconfdir}/init.d/kadmind -%{_sysconfdir}/init.d/krb5kdc -%{_sysconfdir}/init.d/kpropd %if 0%{?suse_version} = 1210 %{_unitdir}/kadmind.service %{_unitdir}/krb5kdc.service %{_unitdir}/kpropd.service +%else +%{_sysconfdir}/init.d/kadmind +%{_sysconfdir}/init.d/krb5kdc +%{_sysconfdir}/init.d/kpropd %endif %dir %{krb5docdir} %dir /usr/lib/mit ++ krb5.spec ++ --- /var/tmp/diff_new_pack.5p67U2/_old 2014-02-19 11:39:18.0 +0100 +++ /var/tmp/diff_new_pack.5p67U2/_new 2014-02-19 11:39:18.0 +0100 
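Review bot: In the `@@ -310,9 +312,21 @@` hunk the third link in the `/sbin/service` branch is created as `rcpropd`, while the `%{_sbindir}/service` branch and the SysV branch both use `rckpropd`; this looks like a typo and should read `ln -s /sbin/service %{buildroot}%{_sbindir}/rckpropd`. On targets that take this branch the kpropd shortcut would be installed under the wrong name, and if the %files list (not visible in this hunk) names `rckpropd` the build would fail there. The comparison operators in the `%if` lines appear to have been lost in extraction, so which suse_version range reaches this branch cannot be stated from the page.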
@@ -46,6 +46,7 @@ BuildRequires: python-lxml %if 0%{?suse_version} = 1210 BuildRequires: pkgconfig(systemd) +%{?systemd_requires}
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-01-29 07:15:26 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2014-01-23 15:46:48.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-01-29 07:15:28.0 +0100 @@ -1,0 +2,21 @@ +Tue Jan 21 14:28:05 UTC 2014 - ckornac...@suse.com + +- update to version 1.12.1 + * Make KDC log service principal names more consistently during +some error conditions, instead of unknown server + * Fix several bugs related to building AES-NI support on less +common configurations + * Fix several bugs related to keyring credential caches +- upstream obsoletes: + krb5-1.12-copy_context.patch + krb5-1.12-enable-NX.patch + krb5-1.12-pic-aes-ni.patch + krb5-master-no-malloc0.patch + krb5-master-ignore-empty-unnecessary-final-token.patch + krb5-master-gss_oid_leak.patch + krb5-master-keytab_close.patch + krb5-master-spnego_error_messages.patch +- Fix Get time offsets for all keyring ccaches + krb5-master-keyring-kdcsync.patch (RT#7820) + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2014-01-23 15:46:48.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-01-29 07:15:28.0 +0100 
@@ -1,0 +2,21 @@ +Tue Jan 21 14:23:37 UTC 2014 - ckornac...@suse.com + +- update to version 1.12.1 + * Make KDC log service principal names more consistently during +some error conditions, instead of unknown server + * Fix several bugs related to building AES-NI support on less +common configurations + * Fix several bugs related to keyring credential caches +- upstream obsoletes: + krb5-1.12-copy_context.patch + krb5-1.12-enable-NX.patch + krb5-1.12-pic-aes-ni.patch + krb5-master-no-malloc0.patch + krb5-master-ignore-empty-unnecessary-final-token.patch + krb5-master-gss_oid_leak.patch + krb5-master-keytab_close.patch + krb5-master-spnego_error_messages.patch +- Fix Get time offsets for all keyring ccaches + krb5-master-keyring-kdcsync.patch (RT#7820) + +--- Old: krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch krb5-1.12-pic-aes-ni.patch krb5-1.12.tar.gz krb5-master-gss_oid_leak.patch krb5-master-ignore-empty-unnecessary-final-token.patch krb5-master-keytab_close.patch krb5-master-no-malloc0.patch krb5-master-spnego_error_messages.patch New: krb5-1.12.1.tar.gz krb5-master-keyring-kdcsync.patch Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.7GRjiI/_old 2014-01-29 07:15:29.0 +0100 +++ /var/tmp/diff_new_pack.7GRjiI/_new 2014-01-29 07:15:29.0 +0100 @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.12 +%define srcRoot krb5-1.12.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.12 +Version:1.12.1 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT 
@@ -78,14 +78,7 @@ Patch12:krb5-1.12-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch -Patch15:krb5-1.12-copy_context.patch -Patch16:krb5-1.12-enable-NX.patch -Patch17:krb5-1.12-pic-aes-ni.patch -Patch18:krb5-master-no-malloc0.patch -Patch19:krb5-master-ignore-empty-unnecessary-final-token.patch -Patch20:krb5-master-gss_oid_leak.patch -Patch21:krb5-master-keytab_close.patch -Patch22:krb5-master-spnego_error_messages.patch +Patch15:krb5-master-keyring-kdcsync.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -206,13 +199,6 @@ %patch13 -p0 %patch14 -p1 %patch15 -p1 -%patch16 -p1 -%patch17 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -p1 -%patch21 -p1 -%patch22 -p1 %build # needs to be re-generated ++ krb5.spec ++ --- /var/tmp/diff_new_pack.7GRjiI/_old 2014-01-29 07:15:29.0 +0100 +++ /var/tmp/diff_new_pack.7GRjiI/_new 2014-01-29 07:15:29.0 +0100 @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.12 +%define srcRoot krb5-1.12.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -30,7 +30,7 @@
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2014-01-17 16:40:41 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2013-11-28 07:27:34.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2014-01-23 15:46:48.0 +0100 
@@ -2 +2,46 @@ -Fri Nov 15 13:35:09 UTC 2013 - ckornac...@suse.com +Mon Jan 13 15:40:18 UTC 2014 - ckornac...@suse.com + +- update to version 1.12 + * Add GSSAPI extensions for constructing MIC tokens using IOV lists + * Add a FAST OTP preauthentication module for the KDC which uses +RADIUS to validate OTP token values. + * The AES-based encryption types will use AES-NI instructions +when possible for improved performance. +- revert dependency on libcom_err-mini-devel since it's not yet + available +- update and rebase patches + * krb5-1.10-buildconf.patch - krb5-1.12-buildconf.patch + * krb5-1.11-pam.patch - krb5-1.12-pam.patch + * krb5-1.11-selinux-label.patch - krb5-1.12-selinux-label.patch + * krb5-1.8-api.patch - krb5-1.12-api.patch + * krb5-1.9-ksu-path.patch - krb5-1.12-ksu-path.patch + * krb5-1.9-debuginfo.patch + * krb5-1.9-kprop-mktemp.patch + * krb5-kvno-230379.patch +- added upstream patches + - Fix krb5_copy_context +* krb5-1.12-copy_context.patch + - Mark AESNI files as not needing executable stacks +* krb5-1.12-enable-NX.patch +* krb5-1.12-pic-aes-ni.patch + - Fix memory leak in SPNEGO initiator +* krb5-master-gss_oid_leak.patch + - Fix SPNEGO one-hop interop against old IIS +* krb5-master-ignore-empty-unnecessary-final-token.patch + - Fix GSS krb5 acceptor acquire_cred error handling +* krb5-master-keytab_close.patch + - Avoid malloc(0) in SPNEGO get_input_token +* krb5-master-no-malloc0.patch + - Test SPNEGO error message in t_s4u.py +* krb5-master-spnego_error_messages.patch + +--- +Tue Dec 10 02:43:32 UTC 2013 - nfbr...@suse.com + +- Reduce build dependencies for krb5-mini by removing + doxygen and changing libcom_err-devel to + libcom_err-mini-devel +- Small fix to pre_checkin.sh so krb5-mini.spec is correct. + +--- +Fri Nov 15 13:33:53 UTC 2013 - ckornac...@suse.com --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2013-11-28 07:27:34.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2014-01-23 15:46:48.0 +0100 
@@ -1,0 +2,45 @@ +Mon Jan 13 15:37:16 UTC 2014 - ckornac...@suse.com + +- update to version 1.12 + * Add GSSAPI extensions for constructing MIC tokens using IOV lists + * Add a FAST OTP preauthentication module for the KDC which uses +RADIUS to validate OTP token values. + * The AES-based encryption types will use AES-NI instructions +when possible for improved performance. +- revert dependency on libcom_err-mini-devel since it's not yet + available +- update and rebase patches + * krb5-1.10-buildconf.patch - krb5-1.12-buildconf.patch + * krb5-1.11-pam.patch - krb5-1.12-pam.patch + * krb5-1.11-selinux-label.patch - krb5-1.12-selinux-label.patch + * krb5-1.8-api.patch - krb5-1.12-api.patch + * krb5-1.9-ksu-path.patch - krb5-1.12-ksu-path.patch + * krb5-1.9-debuginfo.patch + * krb5-1.9-kprop-mktemp.patch + * krb5-kvno-230379.patch +- added upstream patches + - Fix krb5_copy_context +* krb5-1.12-copy_context.patch + - Mark AESNI files as not needing executable stacks +* krb5-1.12-enable-NX.patch +* krb5-1.12-pic-aes-ni.patch + - Fix memory leak in SPNEGO initiator +* krb5-master-gss_oid_leak.patch + - Fix SPNEGO one-hop interop against old IIS +* krb5-master-ignore-empty-unnecessary-final-token.patch + - Fix GSS krb5 acceptor acquire_cred error handling +* krb5-master-keytab_close.patch + - Avoid malloc(0) in SPNEGO get_input_token +* krb5-master-no-malloc0.patch + - Test SPNEGO error message in t_s4u.py +* krb5-master-spnego_error_messages.patch + +--- +Tue Dec 10 02:43:32 UTC 2013 - nfbr...@suse.com + +- Reduce build dependencies for krb5-mini by removing + doxygen and changing libcom_err-devel to + libcom_err-mini-devel +- Small fix to pre_checkin.sh so krb5-mini.spec is correct. + +--- Old: krb5-1.10-buildconf.patch krb5-1.11-pam.patch krb5-1.11-selinux-label.patch krb5-1.11.4.tar.bz2 krb5-1.8-api.patch krb5-1.9-ksu-path.patch New: krb5-1.12-api.patch krb5-1.12-buildconf.patch krb5-1.12-copy_context.patch krb5-1.12-enable-NX.patch
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-11-28 07:27:28 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2013-06-25 14:41:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2013-11-28 07:27:34.0 +0100 @@ -1,0 +2,10 @@ +Fri Nov 15 13:35:09 UTC 2013 - ckornac...@suse.com + +- update to version 1.11.4 + - Fix a KDC null pointer dereference [CVE-2013-1417] that could +affect realms with an uncommon configuration. + - Fix a KDC null pointer dereference [CVE-2013-1418] that could +affect KDCs that serve multiple realms. + - Fix a number of bugs related to KDC master key rollover. + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2013-06-25 14:41:38.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2013-11-28 07:27:34.0 +0100 @@ -1,0 +2,10 @@ +Fri Nov 15 13:33:53 UTC 2013 - ckornac...@suse.com + +- update to version 1.11.4 + - Fix a KDC null pointer dereference [CVE-2013-1417] that could +affect realms with an uncommon configuration. + - Fix a KDC null pointer dereference [CVE-2013-1418] that could +affect KDCs that serve multiple realms. + - Fix a number of bugs related to KDC master key rollover. + +--- Old: krb5-1.11.3.tar.bz2 New: krb5-1.11.4.tar.bz2 Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.uz1IRs/_old 2013-11-28 07:27:35.0 +0100 +++ /var/tmp/diff_new_pack.uz1IRs/_new 2013-11-28 07:27:35.0 +0100 @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.11.3 +%define srcRoot krb5-1.11.4 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -31,7 +31,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.11.3 +Version:1.11.4 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT ++ krb5.spec ++ --- /var/tmp/diff_new_pack.uz1IRs/_old 2013-11-28 07:27:35.0 +0100 +++ /var/tmp/diff_new_pack.uz1IRs/_new 2013-11-28 07:27:35.0 +0100 @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.11.3 +%define srcRoot krb5-1.11.4 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -31,7 +31,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.11.3 +Version:1.11.4 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT ++ krb5-1.11.3.tar.bz2 - krb5-1.11.4.tar.bz2 ++ /work/SRC/openSUSE:Factory/krb5/krb5-1.11.3.tar.bz2 /work/SRC/openSUSE:Factory/.krb5.new/krb5-1.11.4.tar.bz2 differ: char 11, line 1 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-06-11 06:34:35 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2013-06-05 11:53:16.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2013-06-11 09:32:43.0 +0200 @@ -1,0 +2,10 @@ +Sun Jun 9 14:14:48 UTC 2013 - m...@suse.com + +- update to version 1.11.3 + - Fix a UDP ping-pong vulnerability in the kpasswd +(password changing) service. [CVE-2002-2443] + - Improve interoperability with some Windows native PKINIT clients. +- install translation files +- remove outdated configure options + +--- krb5.changes: same change Old: krb5-1.11.2.tar.bz2 New: krb5-1.11.3.tar.bz2 Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.jr1G78/_old 2013-06-11 09:32:44.0 +0200 +++ /var/tmp/diff_new_pack.jr1G78/_new 2013-06-11 09:32:44.0 +0200 @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.11.2 +%define srcRoot krb5-1.11.3 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -31,7 +31,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.11.2 +Version:1.11.3 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT @@ -193,8 +193,12 @@ rm -f src/lib/krb5/krb/deltat.c cd src ./util/reconf -CFLAGS=$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC \ +DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME ./configure \ +CC=%{__cc} \ +CFLAGS=$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC -fstack-protector-all \ +CPPFLAGS=-I%{_includedir}/et \ +SS_LIB=-lss \ --prefix=/usr/lib/mit \ --sysconfdir=%{_sysconfdir} \ --mandir=%{_mandir} \ 
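Review bot: The new build-time default `DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc` in the configure hunk changes where every client on the system keeps its tickets, yet nothing in the spec records what that path depends on. `/run/user/UID` is presumably created by the session manager at login and is typically removed when the last session ends, so daemons, cron jobs and other processes without a session may find no directory there and would need `KRB5CCNAME` or `default_ccache_name` set explicitly. A comment above the assignment, such as `# default ccache lives in the per-session /run/user/UID; services without a login session must set KRB5CCNAME`, would make that visible to the next maintainer. The configure invocation continues past the end of this hunk.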
@@ -203,9 +207,9 @@ --libdir=%{_libdir} \ --includedir=%{_includedir} \ --localstatedir=%{_localstatedir}/lib/kerberos \ +--localedir=%{_datadir}/locale \ --enable-shared \ --disable-static \ ---enable-kdc-replay-cache \ --enable-dns-for-realm \ --disable-rpath \ %if ! %{build_mini} @@ -220,7 +224,7 @@ --with-selinux \ --with-system-et \ --with-system-ss -make %{?jobs:-j%jobs} +%{__make} %{?_smp_mflags} %if ! 0%{?build_mini} cd doc make %{?jobs:-j%jobs} substhtml @@ -229,11 +233,19 @@ %endif %install + +# Where per-user keytabs live by default. +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/lib/kerberos/krb5/user +mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5 + cd src make DESTDIR=%{buildroot} install cd .. -# Munge the krb5-config script to remove rpaths and CFLAGS. -sed s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g src/krb5-config $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config +# Munge krb5-config yet again. This is totally wrong for 64-bit, but chunks +# of the buildconf patch already conspire to strip out /usr/anything from the +# list of link flags, and it helps prevent file conflicts on multilib systems. +sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config + # install autoconf macro mkdir -p %{buildroot}/%{_datadir}/aclocal install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/ @@ -302,9 +314,9 @@ # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* -#rm -rf /usr/lib/mit/share rm -rf %{buildroot}/usr/lib/mit/share/examples -rm -rf %{buildroot}/usr/lib/mit/share/locale + +%find_lang mit-krb5 # # krb5(-mini) pre/post/postun @@ -391,7 +403,7 @@ %if %{build_mini} -%files +%files -f mit-krb5.lang %defattr(-,root,root) %dir %{krb5docdir} # add directories 
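Review bot: The `# cleanup` hunk still carries `rm -f /usr/share/man/man1/tmac.doc*`, which targets the build host's own filesystem rather than `%{buildroot}`; the line directly above it already removes the buildroot copy. Commands in %install should stay inside the buildroot, since this one does nothing for an unprivileged build user and deletes host files when the build runs as root, so the line can simply be dropped. The same leftover appears as context in the `# cleanup` hunks of the older krb5-mini.spec and krb5.spec commits further down this page, which remove only the sibling `rm -rf /usr/lib/mit/share`.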
@@ -402,6 +414,8 @@ %dir %{_libdir}/krb5/plugins/libkrb5 %dir %{_localstatedir}/lib/kerberos/ %dir %{_localstatedir}/lib/kerberos/krb5kdc +%dir %{_localstatedir}/lib/kerberos/krb5 +%dir %{_localstatedir}/lib/kerberos/krb5/user %attr(0700,root,root) %dir /var/log/krb5 %dir /usr/lib/mit %dir /usr/lib/mit/sbin @@ -473,7 +487,7 @@ %{_mandir}/man8/* %else -%files +%files -f mit-krb5.lang %defattr(-,root,root) %dir %{krb5docdir} # add plugin directories @@ -499,6 +513,7 @@ %files server %defattr(-,root,root) +%attr(0700,root,root) %dir /var/log/krb5 %config(noreplace)
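Review bot: The two new `%dir` entries for `%{_localstatedir}/lib/kerberos/krb5` and `%{_localstatedir}/lib/kerberos/krb5/user` carry no `%attr`, so their mode is whatever `mkdir -p` produced during %install, while `/var/log/krb5` on the next line is pinned with `%attr(0700,root,root)`. The %install hunk describes this tree as the place where per-user keytabs live by default, and keytabs hold long-term keys, so the intended owner and mode should be stated rather than inherited. For example, `%attr(0755,root,root) %dir %{_localstatedir}/lib/kerberos/krb5/user`, together with a comment that each per-user entry created below it must be readable by its owner only. The matching `mkdir -p` lines sit in an earlier hunk of the same file section.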
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-06-05 11:53:15 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2013-05-03 13:37:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2013-06-05 11:53:16.0 +0200 @@ -1,0 +2,5 @@ +Tue May 28 17:08:01 UTC 2013 - m...@suse.com + +- cleanup systemd files (remove syslog.target) + +--- krb5.changes: same change Other differences: -- krb5.spec: same change ++ vendor-files.tar.bz2 ++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/kadmind.service new/vendor-files/kadmind.service --- old/vendor-files/kadmind.service2013-03-22 10:33:12.0 +0100 +++ new/vendor-files/kadmind.service2013-05-28 19:06:50.0 +0200 @@ -1,6 +1,6 @@ [Unit] Description=Kerberos 5 Password-changing and Administration -After=syslog.target network.target +After=network.target ConditionPathExists=!/var/lib/kerberos/krb5kdc/kpropd.acl [Service] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/kpropd.service new/vendor-files/kpropd.service --- old/vendor-files/kpropd.service 2013-03-22 10:34:00.0 +0100 +++ new/vendor-files/kpropd.service 2013-05-28 19:07:00.0 +0200 @@ -1,6 +1,6 @@ [Unit] Description=Kerberos 5 Propagation -After=syslog.target network.target +After=network.target ConditionPathExists=/var/lib/kerberos/krb5kdc/kpropd.acl [Service] diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/vendor-files/krb5kdc.service new/vendor-files/krb5kdc.service --- old/vendor-files/krb5kdc.service2013-03-22 10:33:41.0 +0100 +++ new/vendor-files/krb5kdc.service2013-05-28 19:07:13.0 +0200 
@@ -1,6 +1,6 @@ [Unit] Description=Kerberos 5 KDC -After=syslog.target network.target +After=network.target [Service] Type=forking -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-05-03 13:37:02 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5 Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2013-04-05 09:26:20.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2013-05-03 13:37:04.0 +0200 @@ -1,0 +2,22 @@ +Fri May 3 09:43:47 CEST 2013 - m...@suse.de + +- let krb5-mini conflict with all main packages + +--- +Thu May 2 16:43:16 CEST 2013 - m...@suse.de + +- add conflicts between krb5-mini and krb5-server + +--- +Sun Apr 28 17:14:36 CEST 2013 - m...@suse.de + +- update to version 1.11.2 + * Incremental propagation could erroneously act as if a slave's +database were current after the slave received a full dump +that failed to load. + * gss_import_sec_context incorrectly set internal state that +identifies whether an imported context is from an interposer +mechanism or from the underlying mechanism. +- upstream fix obsolete krb5-lookup_etypes-leak.patch + +--- krb5.changes: same change Old: krb5-1.11.1.tar.bz2 krb5-lookup_etypes-leak.patch New: krb5-1.11.2.tar.bz2 Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.m92BvP/_old 2013-05-03 13:37:07.0 +0200 +++ /var/tmp/diff_new_pack.m92BvP/_new 2013-05-03 13:37:07.0 +0200 @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.11.1 +%define srcRoot krb5-1.11.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -31,7 +31,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.11.1 +Version:1.11.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT 
@@ -55,6 +55,9 @@ %else # -mini Conflicts: krb5 Conflicts: krb5-client +Conflicts: krb5-server +Conflicts: krb5-plugin-kdb-ldap +Conflicts: krb5-plugin-preauth-pkinit %endif Source: krb5-%{version}.tar.bz2 Source1:vendor-files.tar.bz2 @@ -74,7 +77,6 @@ Patch12:krb5-1.11-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch -Patch15:krb5-lookup_etypes-leak.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -185,7 +187,6 @@ %patch12 -p1 %patch13 -p0 %patch14 -p1 -%patch15 -p1 %build # needs to be re-generated @@ -385,6 +386,7 @@ /usr/lib/mit/sbin/krb5-send-pr /usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* +%{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 %if %{build_mini} ++ krb5.spec ++ --- /var/tmp/diff_new_pack.m92BvP/_old 2013-05-03 13:37:07.0 +0200 +++ /var/tmp/diff_new_pack.m92BvP/_new 2013-05-03 13:37:07.0 +0200 @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.11.1 +%define srcRoot krb5-1.11.2 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -31,7 +31,7 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version:1.11.1 +Version:1.11.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries License:MIT @@ -55,6 +55,9 @@ %else # -mini Conflicts: krb5 Conflicts: krb5-client +Conflicts: krb5-server +Conflicts: krb5-plugin-kdb-ldap +Conflicts: krb5-plugin-preauth-pkinit %endif Source: krb5-%{version}.tar.bz2 Source1:vendor-files.tar.bz2 @@ -74,7 +77,6 @@ Patch12:krb5-1.11-selinux-label.patch Patch13:krb5-1.9-debuginfo.patch Patch14:krb5-kvno-230379.patch -Patch15:krb5-lookup_etypes-leak.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq 
@@ -185,7 +187,6 @@ %patch12 -p1 %patch13 -p0 %patch14 -p1 -%patch15 -p1 %build # needs to be re-generated @@ -385,6 +386,7 @@ /usr/lib/mit/sbin/krb5-send-pr /usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* +%{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 %if %{build_mini} ++ krb5-1.11.1.tar.bz2 - krb5-1.11.2.tar.bz2 ++
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-03-08 10:50:13 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2013-01-24 10:17:04.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2013-03-08 10:50:15.0 +0100 @@ -1,0 +2,19 @@ +Wed Mar 6 12:01:32 CET 2013 - m...@suse.de + +- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() + CVE-2012-1016 (bnc#807556) + bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif + +--- +Mon Mar 4 11:23:10 CET 2013 - m...@suse.de + +- fix PKINIT null pointer deref + CVE-2013-1415 (bnc#806715) + bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif + +--- +Fri Jan 25 15:29:37 CET 2013 - m...@suse.de + +- package missing file (bnc#794784) + +--- @@ -5,0 +25,5 @@ + +--- +Tue Oct 16 19:35:47 UTC 2012 - co...@suse.com + +- revert the -p usage in %postun to fix SLE build --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2013-01-29 14:11:44.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2013-03-08 10:50:15.0 +0100 @@ -1,0 +2,14 @@ +Wed Mar 6 12:01:32 CET 2013 - m...@suse.de + +- fix PKINIT null pointer deref in pkinit_check_kdc_pkid() + CVE-2012-1016 (bnc#807556) + bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif + +--- +Mon Mar 4 11:23:10 CET 2013 - m...@suse.de + +- fix PKINIT null pointer deref + CVE-2013-1415 (bnc#806715) + bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif + +--- New: bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.20oXSN/_old 2013-03-08 10:50:18.0 +0100 +++ /var/tmp/diff_new_pack.20oXSN/_new 2013-03-08 10:50:18.0 +0100 
@@ -66,6 +66,8 @@ Patch20:krb5-1.10-gcc47.patch Patch21:krb5-1.10-selinux-label.patch Patch22:krb5-1.10-spin-loop.patch +Patch23:bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif +Patch24:bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -161,6 +163,8 @@ %patch19 -p1 %patch20 %patch22 -p1 +%patch23 -p1 +%patch24 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do @@ -275,16 +279,16 @@ # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* -rm -rf /usr/lib/mit/share -rm -rf %{buildroot}/usr/lib/mit/share - +rm -rf %{buildroot}/usr/lib/mit/share/examples +rm -rf %{buildroot}/usr/lib/mit/share/locale # # krb5(-mini) pre/post/postun # %post -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%postun +/sbin/ldconfig %if ! %{build_mini} @@ -326,7 +330,8 @@ %post plugin-kdb-ldap -p /sbin/ldconfig -%postun plugin-kdb-ldap -p /sbin/ldconfig +%postun plugin-kdb-ldap +/sbin/ldconfig %endif @@ -339,6 +344,7 @@ %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin +%dir /usr/lib/mit/share %dir %{_datadir}/aclocal %{_libdir}/libgssrpc.so %{_libdir}/libk5crypto.so @@ -354,6 +360,7 @@ %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr +/usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* %{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 ++ krb5.spec ++ --- /var/tmp/diff_new_pack.20oXSN/_old 2013-03-08 10:50:18.0 +0100 +++ /var/tmp/diff_new_pack.20oXSN/_new 2013-03-08 10:50:18.0 +0100 
@@ -66,6 +66,8 @@ Patch20:krb5-1.10-gcc47.patch Patch21:krb5-1.10-selinux-label.patch Patch22:krb5-1.10-spin-loop.patch +Patch23:bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif +Patch24:bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch,
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-01-29 14:11:41 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: krb5-mini.changes: same change --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2013-01-24 10:17:04.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2013-01-29 14:11:44.0 +0100 @@ -1,0 +2,5 @@ +Fri Jan 25 15:29:37 CET 2013 - m...@suse.de + +- package missing file (bnc#794784) + +--- Other differences: -- krb5-mini.spec: same change ++ krb5.spec ++ --- /var/tmp/diff_new_pack.RiA0f3/_old 2013-01-29 14:11:49.0 +0100 +++ /var/tmp/diff_new_pack.RiA0f3/_new 2013-01-29 14:11:49.0 +0100 @@ -275,9 +275,8 @@ # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* -rm -rf /usr/lib/mit/share -rm -rf %{buildroot}/usr/lib/mit/share - +rm -rf %{buildroot}/usr/lib/mit/share/examples +rm -rf %{buildroot}/usr/lib/mit/share/locale # # krb5(-mini) pre/post/postun # @@ -341,6 +340,7 @@ %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin +%dir /usr/lib/mit/share %dir %{_datadir}/aclocal %{_libdir}/libgssrpc.so %{_libdir}/libk5crypto.so @@ -356,6 +356,7 @@ %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr +/usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* %{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2013-01-24 10:17:03 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2012-10-18 21:52:58.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2013-01-24 10:17:04.0 +0100 @@ -1,0 +2,6 @@ +Tue Jan 22 13:55:52 UTC 2013 - lchiqui...@suse.com + +- krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc + (bnc#793336) + +--- krb5.changes: same change New: krb5-1.10-spin-loop.patch Other differences: -- ++ krb5-doc.spec ++ --- /var/tmp/diff_new_pack.gYdrxy/_old 2013-01-24 10:17:06.0 +0100 +++ /var/tmp/diff_new_pack.gYdrxy/_new 2013-01-24 10:17:06.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-doc # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.gYdrxy/_old 2013-01-24 10:17:06.0 +0100 +++ /var/tmp/diff_new_pack.gYdrxy/_new 2013-01-24 10:17:06.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -65,6 +65,7 @@ Patch19:krb5-1.9-ksu-path.patch Patch20:krb5-1.10-gcc47.patch Patch21:krb5-1.10-selinux-label.patch +Patch22:krb5-1.10-spin-loop.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq 
@@ -159,6 +160,7 @@ %patch18 -p1 %patch19 -p1 %patch20 +%patch22 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do ++ krb5.spec ++ --- /var/tmp/diff_new_pack.gYdrxy/_old 2013-01-24 10:17:06.0 +0100 +++ /var/tmp/diff_new_pack.gYdrxy/_new 2013-01-24 10:17:06.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -65,6 +65,7 @@ Patch19:krb5-1.9-ksu-path.patch Patch20:krb5-1.10-gcc47.patch Patch21:krb5-1.10-selinux-label.patch +Patch22:krb5-1.10-spin-loop.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -159,6 +160,7 @@ %patch18 -p1 %patch19 -p1 %patch20 +%patch22 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do ++ krb5-1.10-spin-loop.patch ++ commit 2b06a22f7fd8ec01fb27a7335125290b8ceb6f18 Author: Greg Hudson ghud...@mit.edu Date: Thu Nov 29 01:58:13 2012 -0500 Fix spin-loop bug in k5_sendto_kdc In the second part of the first pass over the server list, we passed the wrong list pointer to service_fds, causing it to see only a subset of the server entries corresponding to sel_state. This could cause service_fds to spin if an event is reported on an fd not in the subset. ticket: 7454 target_version: 1.10.4 tags: pullup Index: krb5-1.10.2/src/lib/krb5/os/sendto_kdc.c === --- krb5-1.10.2.orig/src/lib/krb5/os/sendto_kdc.c +++ krb5-1.10.2/src/lib/krb5/os/sendto_kdc.c 
@@ -1287,7 +1287,7 @@ k5_sendto(krb5_context context, const kr continue; if (maybe_send(context, state, sel_state, callback_info)) continue; -done = service_fds(context, sel_state, 1, state, seltemp, msg_handler, +done = service_fds(context, sel_state, 1, conns, seltemp, msg_handler, msg_handler_data, winner); } -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-10-18 21:52:56 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2012-10-16 07:07:01.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2012-10-18 21:52:58.0 +0200 @@ -1,0 +2,5 @@ +Tue Oct 16 12:05:00 UTC 2012 - co...@suse.com + +- buildrequire systemd by pkgconfig provide to get systemd-mini + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2012-10-16 07:07:01.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2012-10-18 21:52:58.0 +0200 @@ -1,0 +2,10 @@ +Tue Oct 16 19:35:47 UTC 2012 - co...@suse.com + +- revert the -p usage in %postun to fix SLE build + +--- +Tue Oct 16 12:05:00 UTC 2012 - co...@suse.com + +- buildrequire systemd by pkgconfig provide to get systemd-mini + +--- Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.NtA997/_old 2012-10-18 21:53:00.0 +0200 +++ /var/tmp/diff_new_pack.NtA997/_new 2012-10-18 21:53:00.0 +0200 @@ -40,7 +40,7 @@ BuildRequires: openldap2-devel BuildRequires: pam-devel %if 0%{?suse_version} = 1210 -BuildRequires: systemd +BuildRequires: pkgconfig(systemd) %endif # bug437293 %ifarch ppc64 ++ krb5.spec ++ --- /var/tmp/diff_new_pack.NtA997/_old 2012-10-18 21:53:00.0 +0200 +++ /var/tmp/diff_new_pack.NtA997/_new 2012-10-18 21:53:00.0 +0200 @@ -40,7 +40,7 @@ BuildRequires: openldap2-devel BuildRequires: pam-devel %if 0%{?suse_version} = 1210 -BuildRequires: systemd +BuildRequires: pkgconfig(systemd) %endif # bug437293 %ifarch ppc64 @@ -282,7 +282,8 @@ %post -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%postun +/sbin/ldconfig %if ! %{build_mini} 
@@ -324,7 +325,8 @@
 %post plugin-kdb-ldap -p /sbin/ldconfig
-%postun plugin-kdb-ldap -p /sbin/ldconfig
+%postun plugin-kdb-ldap
+/sbin/ldconfig
 %endif
-- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-10-16 07:06:59 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2012-10-06 08:19:21.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2012-10-16 07:07:01.0 +0200 @@ -1,0 +2,5 @@ +Sat Oct 13 16:50:59 UTC 2012 - co...@suse.com + +- do not require systemd in krb5-mini + +--- krb5.changes: same change Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.I7qXeO/_old 2012-10-16 07:07:04.0 +0200 +++ /var/tmp/diff_new_pack.I7qXeO/_new 2012-10-16 07:07:04.0 +0200 @@ -30,9 +30,6 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -%if 0%{?suse_version} = 1210 -BuildRequires: systemd -%endif Version:1.10.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries @@ -42,6 +39,9 @@ BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +%if 0%{?suse_version} = 1210 +BuildRequires: systemd +%endif # bug437293 %ifarch ppc64 Obsoletes: krb5-64bit 
@@ -275,43 +275,16 @@ rm -f /usr/share/man/man1/tmac.doc* rm -rf /usr/lib/mit/share rm -rf %{buildroot}/usr/lib/mit/share -# -# krb5-mini-devel pre/post/postun -# -%if %{build_mini} -%preun -%if 0%{?suse_version} = 1210 -%service_del_preun krb5kdc.service kadmind.service kpropd.service -%else -%stop_on_removal krb5kdc kadmind kpropd -%endif - -%postun -/sbin/ldconfig -%if 0%{?suse_version} = 1210 -%service_del_postun krb5kdc.service kadmind.service kpropd.service -%else -%restart_on_update krb5kdc kadmind kpropd -%{insserv_cleanup} -%endif - -%post -/sbin/ldconfig -%if 0%{?suse_version} = 1210 -%service_add_post krb5kdc.service kadmind.service kpropd.service -%endif - -%else # -# krb5 pre/post/postun +# krb5(-mini) pre/post/postun # -%post -/sbin/ldconfig +%post -p /sbin/ldconfig -%postun -/sbin/ldconfig +%postun -p /sbin/ldconfig + +%if ! %{build_mini} # # krb5-server preun/postun/pre/post @@ -349,11 +322,9 @@ # krb5-plugin-kdb-ldap post/postun # -%post plugin-kdb-ldap -/sbin/ldconfig +%post plugin-kdb-ldap -p /sbin/ldconfig -%postun plugin-kdb-ldap -/sbin/ldconfig +%postun plugin-kdb-ldap -p /sbin/ldconfig %endif @@ -412,9 +383,6 @@ %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* %{_var}/adm/fillup-templates/sysconfig.* %{_sysconfdir}/init.d/* -%if 0%{?suse_version} = 1210 -%{_unitdir}/*.service -%endif %{_libdir}/libgssapi_krb5.* %{_libdir}/libgssrpc.so.* %{_libdir}/libk5crypto.so.* @@ -426,9 +394,6 @@ %{_libdir}/libverto.so.* %{_libdir}/libverto-k5ev.so.* %{_libdir}/krb5/plugins/kdb/* -%if ! 0%{?build_mini} -%{_libdir}/krb5/plugins/preauth/* -%endif #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local /usr/lib/mit/sbin/kadmind ++ krb5.spec ++ --- /var/tmp/diff_new_pack.I7qXeO/_old 2012-10-16 07:07:04.0 +0200 +++ /var/tmp/diff_new_pack.I7qXeO/_new 2012-10-16 07:07:04.0 +0200 
@@ -30,9 +30,6 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -%if 0%{?suse_version} = 1210 -BuildRequires: systemd -%endif Version:1.10.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries @@ -42,6 +39,9 @@ BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +%if 0%{?suse_version} = 1210 +BuildRequires: systemd +%endif # bug437293 %ifarch ppc64 Obsoletes: krb5-64bit @@ -275,43 +275,16 @@ rm -f /usr/share/man/man1/tmac.doc* rm -rf /usr/lib/mit/share rm -rf %{buildroot}/usr/lib/mit/share -# -# krb5-mini-devel pre/post/postun -# -%if %{build_mini} -%preun -%if 0%{?suse_version} = 1210 -%service_del_preun krb5kdc.service kadmind.service kpropd.service -%else -%stop_on_removal krb5kdc kadmind kpropd -%endif - -%postun -/sbin/ldconfig -%if 0%{?suse_version} = 1210 -%service_del_postun krb5kdc.service kadmind.service kpropd.service -%else -%restart_on_update krb5kdc kadmind kpropd -%{insserv_cleanup}
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-10-06 08:19:14 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2012-06-13 17:07:35.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2012-10-06 08:19:21.0 +0200 @@ -1,0 +2,6 @@ +Fri Oct 5 15:50:38 CEST 2012 - m...@suse.de + +- add systemd service files for kadmind, krb5kdc and kpropd +- add sysconfig templates for kadmind and krb5kdc + +--- krb5.changes: same change Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.r9DOkG/_old 2012-10-06 08:19:22.0 +0200 +++ /var/tmp/diff_new_pack.r9DOkG/_new 2012-10-06 08:19:22.0 +0200 @@ -30,6 +30,9 @@ BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel +%if 0%{?suse_version} = 1210 +BuildRequires: systemd +%endif Version:1.10.2 Release:0 Summary:MIT Kerberos5 Implementation--Libraries @@ -89,6 +92,7 @@ Requires: cron Requires: logrotate Requires: perl-Date-Calc +%{?systemd_requires} PreReq: %insserv_prereq %fillup_prereq %description server 
@@ -235,15 +239,27 @@
 install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
 install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
 install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
+# install systemd files
+%if 0%{?suse_version} = 1210
+mkdir -p %{buildroot}%{_unitdir}
+install -m 644 %{vendorFiles}/kadmind.service %{buildroot}%{_unitdir}
+install -m 644 %{vendorFiles}/krb5kdc.service %{buildroot}%{_unitdir}
+install -m 644 %{vendorFiles}/kpropd.service %{buildroot}%{_unitdir}
+%endif
+# install sysconfig templates
+mkdir -p $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates
+install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/
+install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_var}/adm/fillup-templates/
 # install logrotate files
 mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
 install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
 find . -type f -name '*.ps' -exec gzip -9 {} \;
 # create rc* links
 mkdir -p %{buildroot}/usr/bin/
-ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind
-ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc
-ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd
+mkdir -p %{buildroot}/usr/sbin/
+ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/sbin/rckadmind
+ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/sbin/rckrb5kdc
+ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/sbin/rckpropd
 # create links for kinit and klist, because of the java ones
 ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit
 ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist
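Review bot: The sysconfig templates installed in this hunk cover only kadmind and krb5kdc (`sysconfig.kadmind`, `sysconfig.krb5kdc`), yet the `%post server` scriptlet added in the next hunk also runs `%{fillup_only -n kpropd}`. Unless a `sysconfig.kpropd` template is shipped and installed somewhere not visible here, that call has no template to work from; either drop it or install a matching template alongside the other two. Separately, the new template lines use `$RPM_BUILD_ROOT/%{_var}` while every other line in this section uses `%{buildroot}`; writing `%{buildroot}%{_var}/adm/fillup-templates` would match the surrounding style and avoid the doubled slash.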
@@ -265,39 +281,80 @@ %if %{build_mini} %preun +%if 0%{?suse_version} = 1210 +%service_del_preun krb5kdc.service kadmind.service kpropd.service +%else %stop_on_removal krb5kdc kadmind kpropd +%endif %postun /sbin/ldconfig +%if 0%{?suse_version} = 1210 +%service_del_postun krb5kdc.service kadmind.service kpropd.service +%else %restart_on_update krb5kdc kadmind kpropd %{insserv_cleanup} +%endif + +%post +/sbin/ldconfig +%if 0%{?suse_version} = 1210 +%service_add_post krb5kdc.service kadmind.service kpropd.service +%endif -%post -p /sbin/ldconfig %else # # krb5 pre/post/postun # -%post -p /sbin/ldconfig +%post +/sbin/ldconfig -%postun -p /sbin/ldconfig +%postun +/sbin/ldconfig -%preun server # -# krb5-server preun/postun +# krb5-server preun/postun/pre/post # + +%preun server +%if 0%{?suse_version} = 1210 +%service_del_preun krb5kdc.service kadmind.service kpropd.service +%else %stop_on_removal krb5kdc kadmind kpropd +%endif %postun server +%if 0%{?suse_version} = 1210 +%service_del_postun krb5kdc.service kadmind.service kpropd.service +%else %restart_on_update krb5kdc kadmind kpropd %{insserv_cleanup} +%endif + +%post server +%if 0%{?suse_version} = 1210 +%service_add_post krb5kdc.service kadmind.service kpropd.service +%endif +%{fillup_only -n kadmind} +%{fillup_only -n krb5kdc} +%{fillup_only -n kpropd} +
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-09-04 01:33:28 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-doc.changes2012-06-10 21:52:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-doc.changes 2012-09-04 01:33:29.0 +0200 @@ -1,0 +2,5 @@ +Mon Sep 3 14:34:35 UTC 2012 - idon...@suse.com + +- Build depend on texinfo texlive-dvips to fix the build + +--- krb5.changes: same change Other differences: -- ++ krb5-doc.spec ++ --- /var/tmp/diff_new_pack.GvA4X3/_old 2012-09-04 01:33:32.0 +0200 +++ /var/tmp/diff_new_pack.GvA4X3/_new 2012-09-04 01:33:32.0 +0200 @@ -18,8 +18,8 @@ Name: krb5-doc BuildRequires: ghostscript-library -BuildRequires: latex2html -BuildRequires: texlive +BuildRequires: texinfo +BuildRequires: texlive-dvips Version:1.10.2 Release:0 %define srcRoot krb5-1.10.2 krb5.spec: same change -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-06-13 17:07:30 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2012-06-10 21:52:56.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2012-06-13 17:07:35.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 13 08:40:56 UTC 2012 - co...@suse.com + +- fix %files section for krb5-mini + +--- krb5.changes: same change Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.ODQMb1/_old 2012-06-13 17:07:37.0 +0200 +++ /var/tmp/diff_new_pack.ODQMb1/_new 2012-06-13 17:07:37.0 +0200 @@ -71,15 +71,6 @@ which can improve your network's security by eliminating the insecure practice of clear text passwords. - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %if ! %{build_mini} %package client @@ -92,15 +83,6 @@ practice of cleartext passwords. This package includes some required client programs, like kinit, kadmin, ... - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %package server Summary:MIT Kerberos5 implementation - server Group: Productivity/Networking/Security @@ -115,15 +97,6 @@ practice of cleartext passwords. This package includes the kdc, kadmind and more. - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %package plugin-kdb-ldap Summary:MIT Kerberos5 Implementation--LDAP Database Plugin Group: Productivity/Networking/Security 
@@ -135,15 +108,6 @@ practice of clear text passwords. This package contains the LDAP database plugin. - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %package plugin-preauth-pkinit Summary:MIT Kerberos5 Implementation--PKINIT preauth Plugin Group: Productivity/Networking/Security @@ -153,15 +117,6 @@ which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes a PKINIT plugin. - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %endif #! build_mini %package devel @@ -185,15 +140,6 @@ practice of cleartext passwords. This package includes Libraries and Include Files for Development - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} @@ -354,8 +300,6 @@ %postun plugin-kdb-ldap -p /sbin/ldconfig %endif -%clean -rm -rf %{buildroot} # files sections @@ -420,7 +364,9 @@ %{_libdir}/libverto.so.* %{_libdir}/libverto-k5ev.so.* %{_libdir}/krb5/plugins/kdb/* +%if ! 0%{?build_mini} %{_libdir}/krb5/plugins/preauth/* +%endif #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local /usr/lib/mit/sbin/kadmind @@ -465,6 +411,7 @@ %{_mandir}/man1/kswitch.1* %{_mandir}/man5/* %{_mandir}/man5/.k5login.5.gz +%{_mandir}/man5/.k5identity.5* %{_mandir}/man8/* %else ++ krb5.spec ++ --- /var/tmp/diff_new_pack.ODQMb1/_old 2012-06-13 17:07:37.0 +0200 +++ /var/tmp/diff_new_pack.ODQMb1/_new 2012-06-13 17:07:37.0 +0200 @@ -71,15 +71,6 @@ which can improve your network's security by eliminating the insecure practice of clear text passwords. - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %if ! %{build_mini} %package client 
@@ -92,15 +83,6 @@ practice of cleartext passwords. This package includes some required client programs, like kinit, kadmin, ... - - -Authors: - -The MIT Kerberos Team -Sam Hartman hartm...@mit.edu -Ken Raeburn raeb...@mit.edu -Tom Yu t...@mit.edu - %package server Summary:MIT Kerberos5 implementation - server Group: Productivity/Networking/Security @@ -115,15 +97,6 @@ practice of cleartext passwords. This package includes the kdc, kadmind and more. - - -Authors: - -The MIT
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-06-10 20:20:57 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-doc.changes2011-09-23 02:07:15.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-doc.changes 2012-06-10 21:52:56.0 +0200 @@ -1,0 +2,5 @@ +Wed Jun 6 17:34:26 CEST 2012 - m...@suse.de + +- update to version 1.10.2 + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2012-02-15 16:16:12.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2012-06-10 21:52:56.0 +0200 @@ -2 +2 @@ -Tue Jan 31 15:32:51 CET 2012 - meiss...@suse.de +Thu Jun 7 11:39:18 UTC 2012 - m...@suse.de 
@@ -4 +4,61 @@ -- fix License in krb5-mini +- fix gcc47 issues + +--- +Wed Jun 6 16:25:41 CEST 2012 - m...@suse.de + +- update to version 1.10.2 + obsolte patches: + * krb5-1.7-nodeplibs.patch + * krb5-1.9.1-ai_addrconfig.patch + * krb5-1.9.1-ai_addrconfig2.patch + * krb5-1.9.1-sendto_poll.patch + * krb5-1.9-canonicalize-fallback.patch + * krb5-1.9-paren.patch + * krb5-klist_s.patch + * krb5-pkinit-cms2.patch + * krb5-trunk-chpw-err.patch + * krb5-trunk-gss_delete_sec.patch + * krb5-trunk-kadmin-oldproto.patch + * krb5-1.9-MITKRB5-SA-2011-006.dif + * krb5-1.9-gss_display_status-iakerb.patch + * krb5-1.9.1-sendto_poll2.patch + * krb5-1.9.1-sendto_poll3.patch + * krb5-1.9-MITKRB5-SA-2011-007.dif +- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain + Controllers. +- Update a workaround for a glibc bug that would cause DNS PTR queries + to occur even when rdns = false. +- Fix a kadmind denial of service issue (null pointer dereference), + which could only be triggered by an administrator with the create + privilege. [CVE-2012-1013] +- Fix access controls for KDB string attributes [CVE-2012-1012] +- Make the ASN.1 encoding of key version numbers interoperate with + Windows Read-Only Domain Controllers +- Avoid generating spurious password expiry warnings in cases where + the KDC sends an account expiry time without a password expiry time +- Make PKINIT work with FAST in the client library. +- Add the DIR credential cache type, which can hold a collection of + credential caches. +- Enhance kinit, klist, and kdestroy to support credential cache + collections if the cache type supports it. +- Add the kswitch command, which changes the selected default cache + within a collection. +- Add heuristic support for choosing client credentials based on + the service realm. +- Add support for $HOME/.k5identity, which allows credential + choice based on configured rules. 
+ +--- +Sun Feb 26 22:23:15 UTC 2012 - stefan.bru...@rwth-aachen.de + +- add autoconf macro to devel subpackage + +--- +Tue Jan 31 15:33:05 CET 2012 - meiss...@suse.de + +- fix license in krb5-mini + +--- +Tue Dec 20 20:57:26 UTC 2011 - co...@suse.com + +- add autoconf as buildrequire to avoid implicit dependency --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2012-03-01 07:25:14.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2012-06-10 21:52:56.0 +0200 @@ -1,0 +2,50 @@ +Thu Jun 7 11:39:18 UTC 2012 - m...@suse.de + +- fix gcc47 issues + +--- +Wed Jun 6 16:25:41 CEST 2012 - m...@suse.de + +- update to version 1.10.2 + obsolte patches: + * krb5-1.7-nodeplibs.patch + * krb5-1.9.1-ai_addrconfig.patch + * krb5-1.9.1-ai_addrconfig2.patch + * krb5-1.9.1-sendto_poll.patch + * krb5-1.9-canonicalize-fallback.patch + * krb5-1.9-paren.patch + * krb5-klist_s.patch + * krb5-pkinit-cms2.patch + * krb5-trunk-chpw-err.patch + * krb5-trunk-gss_delete_sec.patch + * krb5-trunk-kadmin-oldproto.patch + * krb5-1.9-MITKRB5-SA-2011-006.dif + * krb5-1.9-gss_display_status-iakerb.patch + * krb5-1.9.1-sendto_poll2.patch + * krb5-1.9.1-sendto_poll3.patch + * krb5-1.9-MITKRB5-SA-2011-007.dif +- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain + Controllers. +- Update a workaround for a glibc bug that would cause DNS PTR queries + to occur even when rdns = false. +- Fix a kadmind denial of service issue (null pointer dereference), + which could only be triggered by an administrator with the create + privilege. [CVE-2012-1013] +- Fix access controls for KDB string attributes
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-03-01 07:25:10 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: krb5-mini.changes: same change --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2012-02-15 16:16:12.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2012-03-01 07:25:14.0 +0100 @@ -1,0 +2,5 @@ +Sun Feb 26 22:23:15 UTC 2012 - stefan.bru...@rwth-aachen.de + +- add autoconf macro to devel subpackage + +--- Other differences: -- ++ krb5-doc.spec ++ --- /var/tmp/diff_new_pack.FJRq85/_old 2012-03-01 07:25:16.0 +0100 +++ /var/tmp/diff_new_pack.FJRq85/_new 2012-03-01 07:25:16.0 +0100 @@ -16,6 +16,7 @@ # + Name: krb5-doc BuildRequires: ghostscript-library BuildRequires: latex2html ++ krb5.spec ++ --- /var/tmp/diff_new_pack.FJRq85/_old 2012-03-01 07:25:16.0 +0100 +++ /var/tmp/diff_new_pack.FJRq85/_new 2012-03-01 07:25:16.0 +0100 @@ -282,6 +282,9 @@ cd .. # Munge the krb5-config script to remove rpaths and CFLAGS. sed s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g src/krb5-config $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config +# install autoconf macro +mkdir -p %{buildroot}/%{_datadir}/aclocal +install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/ # install sample config files # I'll probably do something about this later on mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc @@ -389,6 +392,7 @@ %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin +%dir %{_datadir}/aclocal %{_libdir}/libgssrpc.so %{_libdir}/libk5crypto.so %{_libdir}/libkadm5clnt_mit.so 
@@ -403,6 +407,7 @@
 /usr/lib/mit/sbin/krb5-send-pr
 %{_mandir}/man1/krb5-send-pr.1*
 %{_mandir}/man1/krb5-config.1*
+%{_datadir}/aclocal/ac_check_krb5.m4
 %if %{build_mini}
 %files
-- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-02-15 16:15:33 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2012-01-06 11:45:10.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2012-02-15 16:16:12.0 +0100 @@ -1,0 +2,5 @@ +Tue Jan 31 15:32:51 CET 2012 - meiss...@suse.de + +- fix License in krb5-mini + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2012-01-06 11:45:10.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2012-02-15 16:16:12.0 +0100 @@ -1,0 +2,5 @@ +Tue Jan 31 15:33:05 CET 2012 - meiss...@suse.de + +- fix license in krb5-mini + +--- Other differences: -- ++ krb5-doc.spec ++ --- /var/tmp/diff_new_pack.Mglm7H/_old 2012-02-15 16:16:13.0 +0100 +++ /var/tmp/diff_new_pack.Mglm7H/_new 2012-02-15 16:16:13.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-doc # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.Mglm7H/_old 2012-02-15 16:16:13.0 +0100 +++ /var/tmp/diff_new_pack.Mglm7H/_new 2012-02-15 16:16:13.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed 
@@ -32,6 +32,9 @@ BuildRequires: ncurses-devel Version:1.9.1 Release:0 +Summary:MIT Kerberos5 Implementation--Libraries +License:MIT +Group: Productivity/Networking/Security %if ! 0%{?build_mini} BuildRequires: libopenssl-devel BuildRequires: openldap2-devel @@ -41,12 +44,6 @@ Obsoletes: krb5-64bit %endif # -Summary:MIT Kerberos5 Implementation--Libraries -License:MIT -Group: Productivity/Networking/Security -%else -Summary:MIT Kerberos5 Implementation--Libraries -Group: Productivity/Networking/Security %endif Source: krb5-1.9.1.tar.bz2 Source1:vendor-files.tar.bz2 ++ krb5.spec ++ --- /var/tmp/diff_new_pack.Mglm7H/_old 2012-02-15 16:16:13.0 +0100 +++ /var/tmp/diff_new_pack.Mglm7H/_new 2012-02-15 16:16:13.0 +0100 @@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -32,6 +32,9 @@ BuildRequires: ncurses-devel Version:1.9.1 Release:0 +Summary:MIT Kerberos5 Implementation--Libraries +License:MIT +Group: Productivity/Networking/Security %if ! 0%{?build_mini} BuildRequires: libopenssl-devel BuildRequires: openldap2-devel @@ -41,12 +44,6 @@ Obsoletes: krb5-64bit %endif # -Summary:MIT Kerberos5 Implementation--Libraries -License:MIT -Group: Productivity/Networking/Security -%else -Summary:MIT Kerberos5 Implementation--Libraries -Group: Productivity/Networking/Security %endif Source: krb5-1.9.1.tar.bz2 Source1:vendor-files.tar.bz2 -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2012-01-06 11:45:08 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2011-12-12 17:02:16.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2012-01-06 11:45:10.0 +0100 @@ -1,0 +2,5 @@ +Tue Dec 20 11:01:39 UTC 2011 - co...@suse.com + +- remove call to suse_update_config, very old work around + +--- @@ -12 +17 @@ - (RT#6951) + (RT#6951, bnc#731648) --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2011-12-12 17:02:16.0 +0100 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2012-01-06 11:45:10.0 +0100 @@ -1,0 +2,10 @@ +Tue Dec 20 20:57:26 UTC 2011 - co...@suse.com + +- add autoconf as buildrequire to avoid implicit dependency + +--- +Tue Dec 20 11:01:39 UTC 2011 - co...@suse.com + +- remove call to suse_update_config, very old work around + +--- Other differences: -- ++ krb5-doc.spec ++ --- /var/tmp/diff_new_pack.bhKlfM/_old 2012-01-06 11:45:12.0 +0100 +++ /var/tmp/diff_new_pack.bhKlfM/_new 2012-01-06 11:45:12.0 +0100 @@ -15,18 +15,18 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild - Name: krb5-doc -BuildRequires: ghostscript-library latex2html texlive +BuildRequires: ghostscript-library +BuildRequires: latex2html +BuildRequires: texlive Version:1.9.1 -Release:2 +Release:0 %define srcRoot krb5-1.9.1 Summary:MIT Kerberos5 Implementation--Documentation -License:MIT License (or similar) -Url:http://web.mit.edu/kerberos/www/ +License:MIT Group: Documentation/Other +Url:http://web.mit.edu/kerberos/www/ Source: krb5-%{version}.tar.bz2 Source3:%{name}-rpmlintrc Patch0: krb5-1.3.5-perlfix.dif ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.bhKlfM/_old 2012-01-06 11:45:12.0 +0100 +++ /var/tmp/diff_new_pack.bhKlfM/_new 2012-01-06 11:45:12.0 +0100 
@@ -15,7 +15,6 @@ # Please submit bugfixes or comments via http://bugs.opensuse.org/ # -# norootforbuild %define build_mini 1 %define srcRoot krb5-1.9.1 @@ -23,15 +22,19 @@ %define krb5docdir %{_defaultdocdir}/krb5 Name: krb5-mini -License:MIT License (or similar) Url:http://web.mit.edu/kerberos/www/ -BuildRequires: bison libcom_err-devel ncurses-devel -BuildRequires: keyutils keyutils-devel +BuildRequires: autoconf +BuildRequires: bison +BuildRequires: keyutils +BuildRequires: keyutils-devel +BuildRequires: libcom_err-devel BuildRequires: libselinux-devel +BuildRequires: ncurses-devel Version:1.9.1 -Release:21 +Release:0 %if ! 0%{?build_mini} -BuildRequires: libopenssl-devel openldap2-devel +BuildRequires: libopenssl-devel +BuildRequires: openldap2-devel BuildRequires: pam-devel # bug437293 %ifarch ppc64 @@ -39,6 +42,7 @@ %endif # Summary:MIT Kerberos5 Implementation--Libraries +License:MIT Group: Productivity/Networking/Security %else Summary:MIT Kerberos5 Implementation--Libraries @@ -97,7 +101,6 @@ %if ! %{build_mini} %package client -License:MIT License (or similar) Summary:MIT Kerberos5 implementation - client programs Group: Productivity/Networking/Security @@ -117,7 +120,6 @@ Tom Yu t...@mit.edu %package server -License:MIT License (or similar) Summary:MIT Kerberos5 implementation - server Group: Productivity/Networking/Security Requires: perl-Date-Calc @@ -140,7 +142,6 @@ Tom Yu t...@mit.edu %package plugin-kdb-ldap -License:MIT License (or similar) Summary:MIT Kerberos5 Implementation--LDAP Database Plugin Group: Productivity/Networking/Security Requires: krb5-server = %{version} @@ -161,7 +162,6 @@ Tom Yu t...@mit.edu %package plugin-preauth-pkinit -License:MIT License (or similar) Summary:MIT Kerberos5 Implementation--PKINIT preauth Plugin Group: Productivity/Networking/Security 
@@ -182,7 +182,6 @@ %endif #! build_mini %package devel -License:MIT License (or similar) Summary:MIT Kerberos5 - Include Files and Libraries Group: Development/Libraries/C and C++ PreReq:
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at 2011-12-12 16:57:09 Comparing /work/SRC/openSUSE:Factory/krb5 (Old) and /work/SRC/openSUSE:Factory/.krb5.new (New) Package is krb5, Maintainer is m...@suse.com Changes: --- /work/SRC/openSUSE:Factory/krb5/krb5-mini.changes 2011-10-19 14:09:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5-mini.changes 2011-12-12 17:02:16.0 +0100 @@ -1,0 +2,19 @@ +Mon Nov 21 11:24:12 CET 2011 - m...@suse.de + +- fix KDC null pointer dereference in TGS handling + (MITKRB5-SA-2011-007, bnc#730393) + CVE-2011-1530 + +--- +Mon Nov 21 11:11:54 CET 2011 - m...@suse.de + +- fix KDC HA feature introduced with implementing KDC poll + (RT#6951) + +--- +Fri Nov 18 08:35:52 UTC 2011 - rha...@suse.de + +- fix minor error messages for the IAKERB GSSAPI mechanism + (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) + +--- --- /work/SRC/openSUSE:Factory/krb5/krb5.changes2011-10-19 14:09:04.0 +0200 +++ /work/SRC/openSUSE:Factory/.krb5.new/krb5.changes 2011-12-12 17:02:16.0 +0100 @@ -1,0 +2,19 @@ +Mon Nov 21 11:24:12 CET 2011 - m...@suse.de + +- fix KDC null pointer dereference in TGS handling + (MITKRB5-SA-2011-007, bnc#730393) + CVE-2011-1530 + +--- +Mon Nov 21 11:11:54 CET 2011 - m...@suse.de + +- fix KDC HA feature introduced with implementing KDC poll + (RT#6951, bnc#731648) + +--- +Fri Nov 18 08:35:52 UTC 2011 - rha...@suse.de + +- fix minor error messages for the IAKERB GSSAPI mechanism + (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020) + +--- New: krb5-1.9-MITKRB5-SA-2011-007.dif krb5-1.9-gss_display_status-iakerb.patch krb5-1.9.1-sendto_poll2.patch krb5-1.9.1-sendto_poll3.patch Other differences: -- ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.uCrGwX/_old 2011-12-12 17:02:21.0 +0100 +++ /var/tmp/diff_new_pack.uCrGwX/_new 2011-12-12 17:02:21.0 +0100 
@@ -72,6 +72,10 @@
 Patch25:krb5-trunk-gss_delete_sec.patch
 Patch26:krb5-trunk-kadmin-oldproto.patch
 Patch30:krb5-1.9-MITKRB5-SA-2011-006.dif
+Patch31:krb5-1.9-gss_display_status-iakerb.patch
+Patch32:krb5-1.9.1-sendto_poll2.patch
+Patch33:krb5-1.9.1-sendto_poll3.patch
+Patch34:krb5-1.9-MITKRB5-SA-2011-007.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -234,6 +238,10 @@
 %patch25 -p1
 %patch26
 %patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch34 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
++ krb5.spec ++
--- /var/tmp/diff_new_pack.uCrGwX/_old 2011-12-12 17:02:21.0 +0100
+++ /var/tmp/diff_new_pack.uCrGwX/_new 2011-12-12 17:02:21.0 +0100
@@ -72,6 +72,10 @@
 Patch25:krb5-trunk-gss_delete_sec.patch
 Patch26:krb5-trunk-kadmin-oldproto.patch
 Patch30:krb5-1.9-MITKRB5-SA-2011-006.dif
+Patch31:krb5-1.9-gss_display_status-iakerb.patch
+Patch32:krb5-1.9.1-sendto_poll2.patch
+Patch33:krb5-1.9.1-sendto_poll3.patch
+Patch34:krb5-1.9-MITKRB5-SA-2011-007.dif
 BuildRoot: %{_tmppath}/%{name}-%{version}-build
 PreReq: mktemp, grep, /bin/touch, coreutils
 PreReq: %insserv_prereq %fillup_prereq
@@ -234,6 +238,10 @@
 %patch25 -p1
 %patch26
 %patch30 -p1
+%patch31 -p1
+%patch32 -p1
+%patch33 -p1
+%patch34 -p1
 # Rename the man pages so that they'll get generated correctly.
 pushd src
 cat %{SOURCE10} | while read manpage ; do
++ krb5-1.9-MITKRB5-SA-2011-007.dif ++
diff --git a/src/kdc/Makefile.in b/src/kdc/Makefile.in
index f46cad3..102fbaa 100644
--- a/src/kdc/Makefile.in
+++ b/src/kdc/Makefile.in
@@ -67,6 +67,7 @@ check-unix:: rtest check-pytests:: $(RUNPYTEST) $(srcdir)/t_workers.py $(PYTESTFLAGS) + $(RUNPYTEST) $(srcdir)/t_emptytgt.py $(PYTESTFLAGS) install:: $(INSTALL_PROGRAM) krb5kdc ${DESTDIR}$(SERVER_BINDIR)/krb5kdc
diff --git a/src/kdc/do_tgs_req.c b/src/kdc/do_tgs_req.c
index c169c54..840a2ef 100644
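Review bot: The new `Patch31`–`Patch34` entries in the `@@ -72,6 +72,10 @@` hunk of krb5-mini.spec have no comment linking each patch to its bug or advisory, so the spec alone does not show that `Patch34` is the security fix. A tag line above each entry would keep that traceable, for example `# PATCH-FIX-UPSTREAM krb5-1.9-MITKRB5-SA-2011-007.dif bnc#730393 CVE-2011-1530 -- KDC null pointer dereference in TGS handling` above `Patch34`. The other three would get the same treatment; judging by the changelog, the two sendto_poll patches presumably belong to RT#6951 and the iakerb patch to ticket 7020. The identical hunk in krb5.spec needs the same comments.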
--- a/src/kdc/do_tgs_req.c
+++ b/src/kdc/do_tgs_req.c
@@ -243,7 +243,8 @@ tgt_again: if (!tgs_1 || !data_eq(*server_1, *tgs_1))
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at Wed Aug 24 13:36:04 CEST 2011.
--- krb5/krb5-mini.changes 2011-08-22 10:17:47.0 +0200
+++ /mounts/work_src_done/STABLE/krb5/krb5-mini.changes 2011-08-23 13:52:41.0 +0200
@@ -1,0 +2,5 @@
+Tue Aug 23 13:52:03 CEST 2011 - m...@suse.de
+
+- use --without-pam to build krb5-mini
+
+---
krb5.changes: same change calling whatdependson for head-i586 Other differences: --
++ krb5-doc.spec ++
--- /var/tmp/diff_new_pack.dvRDXQ/_old 2011-08-24 11:39:04.0 +0200
+++ /var/tmp/diff_new_pack.dvRDXQ/_new 2011-08-24 11:39:04.0 +0200
@@ -21,7 +21,7 @@
 Name: krb5-doc
 BuildRequires: ghostscript-library latex2html texlive
 Version:1.9.1
-Release:1
+Release:2
 %define srcRoot krb5-1.9.1
 Summary:MIT Kerberos5 Implementation--Documentation
 License:MIT License (or similar)
++ krb5-mini.spec ++
--- /var/tmp/diff_new_pack.dvRDXQ/_old 2011-08-24 11:39:04.0 +0200
+++ /var/tmp/diff_new_pack.dvRDXQ/_new 2011-08-24 11:39:04.0 +0200
@@ -29,7 +29,7 @@
 BuildRequires: keyutils keyutils-devel
 BuildRequires: libselinux-devel
 Version:1.9.1
-Release:1
+Release:2
 %if ! 0%{?build_mini}
 BuildRequires: libopenssl-devel openldap2-devel
 BuildRequires: pam-devel
@@ -265,6 +265,7 @@
 --with-selinux \
 %else
 --disable-pkinit \
+--without-pam \
 %endif
 --with-system-et \
 --with-system-ss
++ krb5.spec ++
--- /var/tmp/diff_new_pack.dvRDXQ/_old 2011-08-24 11:39:04.0 +0200
+++ /var/tmp/diff_new_pack.dvRDXQ/_new 2011-08-24 11:39:04.0 +0200
@@ -29,7 +29,7 @@
 BuildRequires: keyutils keyutils-devel
 BuildRequires: libselinux-devel
 Version:1.9.1
-Release:1
+Release:21
 %if ! 0%{?build_mini}
 BuildRequires: libopenssl-devel openldap2-devel
 BuildRequires: pam-devel
@@ -265,6 +265,7 @@
 --with-selinux \
 %else
 --disable-pkinit \
+--without-pam \
 %endif
 --with-system-et \
 --with-system-ss
Remember to have fun... -- To unsubscribe, e-mail: opensuse-commit+unsubscr...@opensuse.org For additional commands, e-mail: opensuse-commit+h...@opensuse.org
commit krb5 for openSUSE:Factory
Hello community, here is the log from the commit of package krb5 for openSUSE:Factory checked in at Mon Aug 22 15:22:24 CEST 2011.
--- krb5/krb5-doc.changes 2010-04-09 12:47:36.0 +0200
+++ /mounts/work_src_done/STABLE/krb5/krb5-doc.changes 2011-08-22 10:22:11.0 +0200
@@ -1,0 +2,5 @@
+Mon Aug 22 10:21:56 CEST 2011 - m...@suse.de
+
+- update to version 1.9.1
+
+---
--- krb5/krb5-mini.changes 2011-04-14 11:34:57.0 +0200
+++ /mounts/work_src_done/STABLE/krb5/krb5-mini.changes 2011-08-22 10:17:47.0 +0200
@@ -1,0 +2,19 @@
+Sun Aug 21 09:37:01 UTC 2011 - m...@novell.com
+
+- add patches from Fedora and upstream
+- fix init scripts (bnc#689006)
+
+---
+Fri Aug 19 15:48:35 UTC 2011 - m...@novell.com
+
+- update to version 1.9.1
+ * obsolete patches:
+MITKRB5-SA-2010-007-1.8.dif
+krb5-1.8-MITKRB5-SA-2010-006.dif
+krb5-1.8-MITKRB5-SA-2011-001.dif
+krb5-1.8-MITKRB5-SA-2011-002.dif
+krb5-1.8-MITKRB5-SA-2011-003.dif
+krb5-1.8-MITKRB5-SA-2011-004.dif
+krb5-1.4.3-enospc.dif
+ * replace krb5-1.6.1-compile_pie.dif
+---
krb5.changes: same change calling whatdependson for head-i586 Old: MITKRB5-SA-2010-007-1.8.dif krb5-1.4.3-enospc.dif krb5-1.6.1-compile_pie.dif krb5-1.6.3-fix-ipv6-query.dif krb5-1.6.3-kprop-use-mkstemp.dif krb5-1.7-manpaths.dif krb5-1.7-manpaths.txt krb5-1.8-MITKRB5-SA-2010-006.dif krb5-1.8-MITKRB5-SA-2011-001.dif krb5-1.8-MITKRB5-SA-2011-002.dif krb5-1.8-MITKRB5-SA-2011-003.dif krb5-1.8-MITKRB5-SA-2011-004.dif krb5-1.8.3-rpmlintrc krb5-1.8.3.tar.bz2 krb5-doc-1.8.3-rpmlintrc New: krb5-1.7-doublelog.patch krb5-1.7-nodeplibs.patch krb5-1.8-api.patch krb5-1.8-manpaths.txt krb5-1.8-pam.patch krb5-1.9-buildconf.patch krb5-1.9-canonicalize-fallback.patch krb5-1.9-kprop-mktemp.patch krb5-1.9-ksu-path.patch krb5-1.9-manpaths.dif krb5-1.9-paren.patch krb5-1.9-selinux-label.patch krb5-1.9.1-ai_addrconfig.patch krb5-1.9.1-ai_addrconfig2.patch krb5-1.9.1-sendto_poll.patch krb5-1.9.1.tar.bz2 krb5-doc-rpmlintrc krb5-klist_s.patch krb5-pkinit-cms2.patch krb5-rpmlintrc krb5-trunk-chpw-err.patch krb5-trunk-gss_delete_sec.patch krb5-trunk-kadmin-oldproto.patch Other differences: --
++ krb5-doc.spec ++
--- /var/tmp/diff_new_pack.dRm5I9/_old 2011-08-22 15:18:26.0 +0200
+++ /var/tmp/diff_new_pack.dRm5I9/_new 2011-08-22 15:18:26.0 +0200
@@ -20,15 +20,15 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive -Version:1.8.3 -Release:6 -%define srcRoot krb5-1.8.3 +Version:1.9.1 +Release:1 +%define srcRoot krb5-1.9.1 Summary:MIT Kerberos5 Implementation--Documentation License:MIT License (or similar) Url:http://web.mit.edu/kerberos/www/ Group: Documentation/Other -Source: krb5-1.8.3.tar.bz2 -Source3:%{name}-%{version}-rpmlintrc +Source: krb5-%{version}.tar.bz2 +Source3:%{name}-rpmlintrc Patch0: krb5-1.3.5-perlfix.dif Patch1: krb5-1.6.3-texi2dvi-fix.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build ++ krb5-mini.spec ++ --- /var/tmp/diff_new_pack.dRm5I9/_old 2011-08-22 15:18:26.0 +0200 +++ /var/tmp/diff_new_pack.dRm5I9/_new 2011-08-22 15:18:26.0 +0200 @@ -18,7 +18,7 @@ # norootforbuild %define build_mini 1 -%define srcRoot krb5-1.8.3 +%define srcRoot krb5-1.9.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -27,10 +27,12 @@ Url:http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel -Version:1.8.3 -Release:6 +BuildRequires: libselinux-devel +Version:1.9.1 +Release:1 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel +BuildRequires: pam-devel # bug437293 %ifarch ppc64 Obsoletes: krb5-64bit @@ -42,25 +44,33 @@ Summary:MIT Kerberos5 Implementation--Libraries Group: Productivity/Networking/Security %endif -Source: krb5-1.8.3.tar.bz2 +Source: krb5-1.9.1.tar.bz2 Source1:vendor-files.tar.bz2 Source2:baselibs.conf -Source5:krb5-%{version}-rpmlintrc -Source10: krb5-1.7-manpaths.txt -Patch1: krb5-1.6.1-compile_pie.dif -Patch2: krb5-1.6.3-kprop-use-mkstemp.dif -Patch3: krb5-1.7-manpaths.dif -Patch4: krb5-1.4.3-enospc.dif +Source5:krb5-rpmlintrc +Source10: krb5-1.8-manpaths.txt +Patch1: krb5-1.9-buildconf.patch +Patch3: