ALT Linux repositórios
S: | 1.21.2-alt1 |
5.0: | 1.6.3-alt6.M50.2 |
4.1: | 1.6.3-alt3.M41.4 |
4.0: | 1.5.1-alt4.M40.5 |
+updates: | 1.5.1-alt4.M40.5 |
3.0: | 1.4.1-alt1 |
Group :: Sistema/Bibliotecas
RPM: krb5
Main Changelog Spec Patches Sources Download Gear Bugs e FR Repocop
16 agosto 2023 Ivan A. Melnikov <iv at altlinux.org> 1.21.2-alt1
- 1.21.2 (Fixes: CVE-2023-39975)
- 1.21.1 (Fixes: CVE-2023-36054)
- 1.21
- 1.20.1
- 1.19.4 (Fixes: CVE-2022-42898)
- build with docs again
- bootstrap with new libldap, build without docs
- 1.19.3 (Fixes: CVE-2021-37750)
- Fix documentation build
+ switch to python3-module-sphinx
+ drop obsolete texlive workaround
- 1.19.2 (Fixes: CVE-2021-36222)
- Fix build on mipsel
- 1.19.1
- 1.19
- 1.18.3 (Fixes: CVE-2020-28196)
- provide krb5-libs (RH/Fedora compatibility, suggested by cas@)
- 1.18.2
- 1.18
- 1.17.1
- 1.17
- drop patch 1, as we don't need that export any more
- update patch 63 from fedora
- 1.16.3 (CVE-2018-20217)
- apply bootstrap and e2k tweaks (mike@) (closes: #32982)
+ introduce doc, ldap, selinux, verto knobs (on by default)
+ conditionally package bundled libverto
+ e2k: disable -Werror={pointer-arith,uninitialized} (lcc)
- Fixed yield of cache from MEMORY ccache (closes #35597, #35667).
- 1.16.2
- move ksu to a separate subpackage
- add control facility to manage ksu binary permissions (closes #33479)
- get rid of UBT
- rebuild with openssl-1.1
- 1.16.1 (CVE-2018-5729, CVE-2018-5730)
- Update to latest stable release 1.16
- Fix build-pdf on Sisyphus
- Add noport, nss_wrapper and socket_wrapper for tests running
- Update to latest stable release 1.15.2 with kdcpreauth from 1.16.x
- Update to latest stable release 1.15.1 with kdcpreauth from 1.16.x
- Update to first spring release 1.14.5
- Add _keytab group for default keytab /etc/krb5.keytab
- 1.14.4
- fixed CVE-2016-3120
- krb5kdc.service: start after slapd
- 1.14.2
- fixed CVE-2015-2695,CVE-2015-2696,CVE-2015-2697,CVE-2015-2698,CVE-2015-8629,CVE-2015-8630,CVE-2015-8631,CVE-2016-3119
- allow verification of attributes on krb5.conf
- Comment out includedir directive in /etc/krb5.conf because samba
cannot get Kerberos context while domain provision
- 1.13.2
- fixed CVE-2014-5355, CVE-2015-2694
- add patches from fedora
- 1.13.1;
- drop patches already applied by upstream.
- fix for MITKRB5-SA-2015-001 (CVE-2014-5352, CVE-2014-9421,
CVE-2014-9422, CVE-2014-9423)
- fixed CVE-2014-5353, CVE-2014-5354
- 1.13
- fixed CVE-2014-5351
- move header from /usr/include/krb5 to /usr/include
- drop kdcrotate service
- update krb5.conf:
+ add [logging] example
+ add [realms] example
+ add [domain_realm] example
+ define default_ccache_name as KEYRING:persistent:%{uid}
- applied upstream fix for libdb2
- disabled t_kprop.py test
- 1.12;
- update fedora patches;
- import memory leak fixes from upstream master (RT#7803, RT#7805).
- 1.11.3
- drop obsolete patch 23.
- Increase run order from 40 to 41 to prevent error reading from LDAP:
'preauth pkinit failed to initialize: No realms configured correctly
for pkinit support'
- add patch 23 from upstream git to fix kpasswd udp ping-pong
(CVE-2002-2443).
- 1.11.2;
- drop obsolete patch 22.
- 1.11.1
+ fix a null pointer dereference in the KDC PKINIT code
(CVE-2013-1415); - drop obsolete patch 21;
- add patch 22 from upstream git to fix a memory leak in
krb5_get_init_creds_keytab (upstream ticket 7586).
- added %check section.
- 1.11;
- dropped obsolete patches;
- updated fedora patches;
- add patch 21 from fedora;
- update gear rules to better match upstream distribution;
- change way we deal with preprocessor loop in krb5/krb5.h (instead
of patch that caused build problems we do it with sed in %install); - dropped internal headers packaging;
- minor packaging improvements.
- Fixed build
- CVE-2012-1015
- Added necessary headers into libkrb5-devel (ALT #27467)
- 1.10.2
- CVE-2012-1013
- Add systemd unit files
- resurrect krb5-1.10-alt-avoid-preprocessor-loop.patch
- 1.10.1
- get rid of almost empty services, clients subpackages
- replace server, workstation packages by Provides/Obsoletes
- check if ftp daemon fails to set effective group id
(MITKRB5-SA-2011-005, CVE-2011-1526).
- krb5-config: disabled dependency on libkeyutils-devel
- fixed:
+ MITKRB5-SA-2010-003
+ MITKRB5-SA-2010-005
+ MITKRB5-SA-2010-007
+ MITKRB5-SA-2011-002 - added strict requiremets on libkrb5-ldap;
- rebuild with debuinfo.
- Backported pkinit_crypto_openssl.c fixes from trunk.
- Packaged -doc, -server and -workstation subpackages as noarch.
- Built with libcrypto.so.10.
- fixed:
+ MITKRB-SA-2009-004
- rebuilt with openldap2.4
- kdc initscript modified to run after slapd
- kadmin & kprop services off by default
- fixed:
+ MITKRB5-SA-2009-001
+ MITKRB5-SA-2009-002
- change defaults to rely on DNS SRV/TXT records
- redundant req on libe2fs-devel in devel subpackage dropped (#16637)
- obsolete by filetriggers macros removed
- redundant build req to e2fs-devel removed (#16137)
- krb5.h modifed to avoid preprocessor loop
- rebuilt againts recent openssl
- fixed:
+ MITKRB5-SA-2008-001
+ MITKRB5-SA-2008-002
- added req on libkeyutils-devel to krb5-devel subpackage (#13977)
- 1.6.3 released
- MITKRB5-SA-2007-006 fix revised
- fixed:
+ MITKRB5-SA-2007-006
- fixed:
+ MITKRB5-SA-2007-004
+ MITKRB5-SA-2007-005
- fixed:
+ MITKRB5-SA-2007-001
+ MITKRB5-SA-2007-002
+ MITKRB5-SA-2007-003
- kadmind: MITKRB5-SA-2006-002, MITKRB5-SA-2006-003
- bug fixed: #10494
- packaged missing db2 plugin
- 1.5.1 released
- patches rediffed & applied:
+ krb5-1.3-alt-rh-manpage-paths.patch
+ krb5-1.3-rh-netkit-rsh.patch
+ krb5-1.4-alt-rh-rlogind-environ.patch
+ krb5-1.3-rh-ksu-access.patch
+ krb5-1.3-rh-ksu-path.patch
+ krb5-1.1.1-rh-brokenrev.patch
+ krb5-1.2.1-rh-passive.patch
+ krb5-1.4-rh-ktany.patch
+ krb5-1.3-rh-large-file.patch
+ krb5-1.3-rh-ftp-glob.patch
+ krb5-1.3-rh-check.patch
+ krb5-1.2.7-rh-reject-bad-transited.patch
+ krb5-1.3.1-rh-dns.patch
+ krb5-1.4-rh-null.patch
+ krb5-1.3.3-rh-rcp-sendlarge.patch
+ krb5-1.3.5-rh-kprop-mktemp.patch
+ krb5-1.3.6-alt-send-pr.patch
+ krb5-1.4.1-rh-api.patch
+ krb5-1.4.1-rh-telnet-environ.patch
+ krb5-1.4.3-rh-enospc.patch
+ krb5-1.5-rh-fclose.patch
+ krb5-1.5-rh-gssinit.patch
+ krb5-1.5-rh-io.patch
+ krb5-1.5.1-alt-tinfo.patch
+ krb5-1.5.1-alt-norpath.patch
+ krb5-1.5.1-alt-krb5config.patch
+ krb5-1.5.1-alt-krb5-rlogin-prog.patch
+ krb5-1.5.1-alt-kadmind-pidfile.patch
- fixed #9408
- 1.4.3
- linked against system libss
- 1.4.1
- subpackages rearranged:
+ made new -kdc, -kadmin and -kinit subpackages
+ old -server and -workstation now contains no data
+ extra docs packaged separately to -doc subpackage - some libraries returned back to %_libdir
- bugs fixed: #6109, #6678, #6727
- 1.3.6
- NMU, fixes:
+ MITKRB5-SA-2004-001,
+ MITKRB5-SA-2004-002,
+ MITKRB5-SA-2004-003.
- Removed unneeded %set_*_version calls.
- Force -I/usr/include/et in krb5-config
- Fixed:
+ #3494, #3655, #3136, and #2770 - Changed:
+ Libraries moved from /usr/lib64/krb5 to /lib - Added:
+ Compile krb5 against system libcom_err from libe2fs - Removed:
+ Static libraries
- Added:
+ all init scripts moved to start-stop-daemon approach - Fixed:
+ #2875, in kpropd and kadmind initscripts - Removed:
+ Kerberos IV support
- 1.3.1 release (with support for RC4-HMAC encryption type)
- Fixed:
+ MITKRB5-SA-2003-03
+ CAN-2003-0072
+ CAN-2003-0082
- 1.2.7
- Fixed:
+ krb5-config to reflect our layout
+ localstatedir to /var/lib/kerberos
+ description of libkrb5-devel - Splitted:
+ statically compiled libraries to libkrb5-devel-static
- Merge AW changes with Sisyphus
- spec cleanup
- AW adaptations
- Integrate krb5-current into Sisyphus
- Patch list revised
- Move various samples to libkrb5-devel
- Integrate krb5-current to get access to enc.type 23
- remove libtinfo/samba support as it is not required yet.
- New release
- Fixed:
+ MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system - Added but not compiled in yet:
+ A patch from Andrew Tridgell to better support Samba 3.0 ADS mode
- Build against libtinfo, get rid of termcap/ncurses
- Fixed:
+ /usr/include/krb5 ownership
- Fixed:
+ documentation clashes with overriden utilites
- Fixed:
+ paths in xinet.d services
+ /var/kerberos moved to /var/lib/kerberos (FHS)
- Fixed:
+ postin/un scripts for libkrb5
- Fixed:
+ Info pages for server/workstation
- Initial build for ALT Linux based on Applianceware version
- Fixed:
+ all libs moved to /usr/lib64/krb5/, includes to /usr/include/krb5
+ postinstall/postuninstall scripts for libs
+ dependencies for several sub-packages to eliminate file deps.
+ krb5-send-pr to not expose direct Requires: to nis/yp utils - Packages renamed:
+ krb5-libs -> libkrb5
+ krb5-devel -> libkrb5-devel
- bump release number and rebuild
- add patch to fix telnetd vulnerability
- tweak statglue.c to fix stat/stat64 aliasing problems
- be cleaner in use of gcc to build shlibs
- use gcc to build shared libraries
- add patch to support "ANY" keytab type (i.e.,
"default_keytab_name = ANY:FILE:/etc/krb5.keytab,SRVTAB:/etc/srvtab"
patch from Gerald Britton, #42551) - build with -D_FILE_OFFSET_BITS=64 to get large file I/O in ftpd (#30697)
- patch ftpd to use long long and %lld format specifiers to support the SIZE
command on large files (also #30697) - don't use LOG_AUTH as an option value when calling openlog() in ksu (#45965)
- implement reload in krb5kdc and kadmind init scripts (#41911)
- lose the krb5server init script (not using it any more)
- Bump release + rebuild.
- pass some structures by address instead of on the stack in krb5kdc
- rebuild in new environment
- add patch from Tom Yu to fix ftpd overflows (#37731)
- disable optimizations on the alpha again
- add in glue code to make sure that libkrb5 continues to provide a
weak copy of stat()
- build alpha with -O0 for now
- fix the kpropd init script
- update to 1.2.2, which fixes some bugs relating to empty ETYPE-INFO
- re-enable optimization on Alpha
- build alpha with -O0 for now
- own /var/kerberos
- own the directories which are created for each package (#26342)
- gettextize init scripts
- add some comments to the ksu patches for the curious
- re-enable optimization on alphas
- fix krb5-send-pr (#18932) and move it from -server to -workstation
- buildprereq libtermcap-devel
- temporariliy disable optimization on alphas
- gettextize init scripts
- force -fPIC
- rebuild in new environment
- add bison as a BuildPrereq (#20091)
- change /usr/dict/words to /usr/share/dict/words in default kdc.conf (#20000)
- apply kpasswd bug fixes from David Wragg
- make krb5-libs obsolete the old krb5-configs package (#18351)
- don't quit from the kpropd init script if there's no principal database so
that you can propagate the first time without running kpropd manually - don't complain if /etc/ld.so.conf doesn't exist in the -libs %post
- fix credential forwarding problem in klogind (goof in KRB5CCNAME handling)
(#11588) - fix heap corruption bug in FTP client (#14301)
- fix summaries and descriptions
- switched the default transfer protocol from PORT to PASV as proposed on
bugzilla (#16134), and to match the regular ftp package's behavior
- rebuild to compress man pages.
- move initscript back
- disable servers by default to keep linuxconf from thinking they need to be
started when they don't
- automatic rebuild
- change cleanup code in post to not tickle chkconfig
- add grep as a Prereq: for -libs
- move condrestarts to postun
- make xinetd configs noreplace
- add descriptions to xinetd configs
- add /etc/init.d as a prereq for the -server package
- patch to properly truncate $TERM in krlogind
- update to 1.2.1
- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update
- start using the official source tarball instead of its contents
- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind
- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's not
compatible with other stuff in 6.2, so no need)
- tweak graceful start/stop logic in post and preun
- update to the 1.2 release
- ditch a lot of our patches which went upstream
- enable use of DNS to look up things at build-time
- disable use of DNS to look up things at run-time in default krb5.conf
- change ownership of the convert-config-files script to root.root
- compress PS docs
- fix some typos in the kinit man page
- run condrestart in server post, and shut down in preun
- only remove old krb5server init script links if the init script is there
- disable kshell and eklogin by default
- patch mkdir/rmdir problem in ftpcmd.y
- add condrestart option to init script
- split the server init script into three pieces and add one for kpropd
- make sure workstation servers are all disabled by default
- clean up krb5server init script
- apply second set of buffer overflow fixes from Tom Yu
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
- work around possibly broken rev binary in running test suite
- move default realm configs from /var/kerberos to /var/kerberos
- make ksu and v4rcp owned by root
- use %{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- fix package descriptions again
- change a LINE_MAX to 1024, fix from Ken Raeburn
- add fix for login vulnerability in case anyone rebuilds without krb4 compat
- add tweaks for byte-swapping macros in krb.h, also from Ken
- add xinetd config files
- make rsh and rlogin quieter
- build with debug to fix credential forwarding
- add rsh as a build-time req because the configure scripts look for it to
determine paths
- fix config_subpackage logic
- remove setuid bit on v4rcp and ksu in case the checks previously added
don't close all of the problems in ksu - apply patches from Jeffrey Schiller to fix overruns Chris Evans found
- reintroduce configs subpackage for use in the errata
- add PreReq: sh-utils
- fix double-free in the kdc (patch merged into MIT tree)
- include convert-config-files script as a documentation file
- patch ksu man page because the -C option never works
- add access() checks and disable debug mode in ksu
- modify default ksu build arguments to specify more directories in CMD_PATH
and to use getusershell()
- fix configure stuff for ia64
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653)
- change Requires: for/in subpackages to include 1.21.2
- add man pages for kerberos(1), kvno(1), .k5login(5)
- add kvno to -workstation
- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as
a %config file anyway. - Make krb5.conf a noreplace config file.
- Make klogind pass a clean environment to children, like NetKit's rlogind does.
- Don't enable the server by default.
- Compress info pages.
- Add defaults for the PAM module to krb5.conf
- Correct copyright: it's exportable now, provided the proper paperwork is
filed with the government.
- apply Mike Friedman's patch to fix format string problems
- don't strip off argv[0] when invoking regular rsh/rlogin
- run kadmin.local correctly at startup
- pass absolute path to kadm5.keytab if/when extracting keys at startup
- fix info page insertions
- tweak server init script to automatically extract kadm5 keys if
/var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet - adjust package descriptions
- fix for potentially gzipped man pages
- fix comments in krb5-configs
- move /usr/kerberos/bin to end of PATH
- install kadmin header files
- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h
- add installation of info docs
- remove krb4 compat patch because it doesn't fix workstation-side servers
- remove hesiod dependency at build-time
- rebuild on 1.1.1
- clean up init script for server, verify that it works [jlkatz]
- clean up rotation script so that rc likes it better
- add clean stanza
- backed out ncurses and makeshlib patches
- update for krb5-1.1
- add KDC rotation to rc.boot, based on ideas from Michael's C version
- added -lncurses to telnet and telnetd makefiles
- added krb5.csh and krb5.sh to /etc/profile.d
- broke out configuration files
- fixed server package so that it works now
- started changelog
- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6
- added --force to makeinfo commands to skip errors during build