rpms/krb5/devel .cvsignore, 1.25, 1.26 krb5-kpasswd_tcp.patch, 1.1, 1.2 krb5.spec, 1.141, 1.142 sources, 1.27, 1.28 krb5-trunk-server_delegation.patch, 1.3, NONE
Nalin Somabhai Dahyabhai (nalin)
fedora-extras-commits at redhat.com
Tue Oct 23 19:41:19 UTC 2007
- Previous message (by thread): rpms/soprano/F-7 soprano-1.95.0-beta2-findclucene.diff, NONE, 1.1 .cvsignore, 1.2, 1.3 soprano.spec, 1.3, 1.4 sources, 1.2, 1.3
- Next message (by thread): rpms/xchat/F-7 xchat.spec, 1.74, 1.75 xchat-2.4.3-im_context_filter_keypress.patch, 1.1, NONE xchat-2.4.4-unrealize.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
Author: nalin
Update of /cvs/pkgs/rpms/krb5/devel
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv11835
Modified Files:
.cvsignore krb5-kpasswd_tcp.patch krb5.spec sources
Removed Files:
krb5-trunk-server_delegation.patch
Log Message:
- update to 1.6.3, dropping now-integrated patches for CVE-2007-3999
and CVE-2007-4000 (the new pkinit module is built conditionally and goes
into the -pkinit-openssl package, at least for now, to make a buildreq
loop with openssl avoidable)
Index: .cvsignore
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/.cvsignore,v
retrieving revision 1.25
retrieving revision 1.26
diff -u -r1.25 -r1.26
--- .cvsignore 19 Jul 2007 16:50:28 -0000 1.25
+++ .cvsignore 23 Oct 2007 19:40:45 -0000 1.26
@@ -22,3 +22,6 @@
krb5-1.6.2.tar.gz
krb5-1.6.2.tar.gz.asc
krb5-1.6.2-pdf.tar.gz
+krb5-1.6.3.tar.gz
+krb5-1.6.3.tar.gz.asc
+krb5-1.6.3-pdf.tar.gz
krb5-kpasswd_tcp.patch:
Index: krb5-kpasswd_tcp.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5-kpasswd_tcp.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -r1.1 -r1.2
--- krb5-kpasswd_tcp.patch 23 Aug 2007 20:50:42 -0000 1.1
+++ krb5-kpasswd_tcp.patch 23 Oct 2007 19:40:45 -0000 1.2
@@ -102,10 +102,12 @@
addrlen = sizeof(remote_addr);
callback_info.context = (void*) &callback_ctx;
-@@ -247,15 +287,8 @@ krb5_change_set_password(krb5_context co
+@@ -247,17 +287,10 @@ krb5_change_set_password(krb5_context co
NULL,
ss2sa(&remote_addr),
&addrlen,
+ NULL,
+ NULL,
- NULL
- ))) {
-
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/krb5.spec,v
retrieving revision 1.141
retrieving revision 1.142
diff -u -r1.141 -r1.142
--- krb5.spec 17 Oct 2007 17:48:52 -0000 1.141
+++ krb5.spec 23 Oct 2007 19:40:45 -0000 1.142
@@ -1,4 +1,5 @@
%define WITH_LDAP 1
+%define WITH_OPENSSL 1
%define krb5prefix %{_prefix}/kerberos
@@ -13,8 +14,8 @@
Summary: The Kerberos network authentication system.
Name: krb5
-Version: 1.6.2
-Release: 10%{?dist}
+Version: 1.6.3
+Release: 1%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.6/krb5-1.6.2-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -84,15 +85,12 @@
Patch57: krb5-1.6.2-login_chdir.patch
Patch58: krb5-1.6.2-key_exp.patch
Patch59: krb5-kpasswd_tcp.patch
-Patch65: CVE-2007-3999-2.patch
-Patch66: CVE-2007-4000.patch
Patch60: krb5-1.6.1-pam.patch
Patch61: krb5-trunk-manpaths.patch
Patch62: krb5-any-fixup-patch.txt
Patch63: krb5-1.6.1-selinux-label.patch
Patch64: krb5-ok-as-delegate.patch
-Patch67: krb5-trunk-server_delegation.patch
Patch68: krb5-trunk-spnego_delegation.patch
License: MIT, freely distributable.
@@ -110,6 +108,9 @@
%if %{WITH_LDAP}
BuildRequires: openldap-devel
%endif
+%if %{WITH_OPENSSL}
+BuildRequires: openssl-devel >= 0.9.8
+%endif
%description
Kerberos V5 is a trusted-third-party network authentication system,
@@ -209,7 +210,24 @@
installed on systems which are meant provide these services.
%endif
+%package pkinit-openssl
+Summary: The PKINIT module for Kerberos 5.
+Group: System Environment/Libraries
+Requires: %{name}-libs = %{version}-%{release}
+
+%description pkinit-openssl
+Kerberos is a network authentication system. The krb5-pkinit-openssl
+package contains the PKINIT plugin, which uses OpenSSL to allow clients
+to obtain initial credentials from a KDC using a private key and a
+certificate.
+
%changelog
+* Tue Oct 23 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.3-1
+- update to 1.6.3, dropping now-integrated patches for CVE-2007-3999
+ and CVE-2007-4000 (the new pkinit module is built conditionally and goes
+ into the -pkinit-openssl package, at least for now, to make a buildreq
+ loop with openssl avoidable)
+
* Wed Oct 17 2007 Nalin Dahyabhai <nalin at redhat.com> 1.6.2-10
- make proper use of pam_loginuid and pam_selinux in rshd and ftpd
@@ -1239,15 +1257,12 @@
%patch51 -p0 -b .ldap_init
%patch52 -p0 -b .ldap_man
%patch53 -p1 -b .nodeplibs
-%patch65 -p0 -b .2007-3999-2
-%patch66 -p0 -b .2007-4000
#%patch55 -p1 -b .empty
#%patch56 -p1 -b .doublelog
#%patch57 -p1 -b .login_chdir
#%patch58 -p1 -b .key_exp
#%patch59 -p0 -b .kpasswd_tcp
#%patch64 -p0 -b .ok-as-delegate
-#%patch67 -p0 -b .server-delegation
#%patch68 -p0 -b .spnego_delegation
cp src/krb524/README README.krb524
gzip doc/*.ps
@@ -1310,6 +1325,14 @@
%else
OPENLDAP_PLUGIN=""
%endif
+# Enable or disable the PKINIT plugin. The configure script only checks for
+# the version of OpenSSL being okay, so for now we have to use that to control
+# whether or not it tries to build the module.
+%if %{WITH_OPENSSL}
+k5_cv_openssl_version_okay=
+%else
+k5_cv_openssl_version_okay=no ; export k5_cv_openssl_version_okay
+%endif
# Work out the CFLAGS and CPPFLAGS which we intend to use.
CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC`"
CPPFLAGS="`echo $DEFINES $INCLUDES`"
@@ -1750,6 +1773,15 @@
%{_libdir}/krb5/plugins/kdb/db2.so
%{krb5prefix}/share
+%if %{WITH_OPENSSL}
+%files pkinit-openssl
+%defattr(-,root,root)
+%dir %{_libdir}/krb5
+%dir %{_libdir}/krb5/plugins
+%dir %{_libdir}/krb5/plugins/preauth
+%{_libdir}/krb5/plugins/preauth/pkinit.so
+%endif
+
%files devel
%defattr(-,root,root)
Index: sources
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/devel/sources,v
retrieving revision 1.27
retrieving revision 1.28
diff -u -r1.27 -r1.28
--- sources 19 Jul 2007 16:50:28 -0000 1.27
+++ sources 23 Oct 2007 19:40:45 -0000 1.28
@@ -1,3 +1,3 @@
-41d8c0cdb6c3e59171234b0464ec3c47 krb5-1.6.2.tar.gz
-8a5c577ea2907ecebdc03b7ccbf4d534 krb5-1.6.2.tar.gz.asc
-c6c5380e4bfdb787f3b196b66cd96bed krb5-1.6.2-pdf.tar.gz
+f32a9647deed175dd6bcc5e22d907541 krb5-1.6.3.tar.gz
+992f23ef516c1e3d406896ac835e4b68 krb5-1.6.3.tar.gz.asc
+5153f5c7773228bf3e295750e885dd04 krb5-1.6.3-pdf.tar.gz
--- krb5-trunk-server_delegation.patch DELETED ---
- Previous message (by thread): rpms/soprano/F-7 soprano-1.95.0-beta2-findclucene.diff, NONE, 1.1 .cvsignore, 1.2, 1.3 soprano.spec, 1.3, 1.4 sources, 1.2, 1.3
- Next message (by thread): rpms/xchat/F-7 xchat.spec, 1.74, 1.75 xchat-2.4.3-im_context_filter_keypress.patch, 1.1, NONE xchat-2.4.4-unrealize.patch, 1.1, NONE
- Messages sorted by:
[ date ]
[ thread ]
[ subject ]
[ author ]
More information about the fedora-extras-commits
mailing list