Репозитории ALT
| S: | 1.20.1-alt1 |
| 5.1: | 1.6.3-alt10.M50P.1 |
| 4.1: | 1.6.3-alt3.M41.4 |
| 4.0: | 1.5.1-alt4.M40.5 |
| +updates: | 1.5.1-alt4.M40.5 |
| 3.0: | 1.4.1-alt1 |
Группа :: Система/Библиотеки
Пакет: krb5
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
11 февраля 2011 Andrey Cherepanov <cas at altlinux.org> 1.6.3-alt10.M50P.1
- Backport to p5 branch (security fixes)
- fixed:
+ MITKRB5-SA-2010-003
+ MITKRB5-SA-2010-005
+ MITKRB5-SA-2010-007
+ MITKRB5-SA-2011-002 - added strict requiremets on libkrb5-ldap;
- rebuild with debuinfo.
- Backported pkinit_crypto_openssl.c fixes from trunk.
- Packaged -doc, -server and -workstation subpackages as noarch.
- Built with libcrypto.so.10.
- fixed:
+ MITKRB-SA-2009-004
- rebuilt with openldap2.4
- kdc initscript modified to run after slapd
- kadmin & kprop services off by default
- fixed:
+ MITKRB5-SA-2009-001
+ MITKRB5-SA-2009-002
- change defaults to rely on DNS SRV/TXT records
- redundant req on libe2fs-devel in devel subpackage dropped (#16637)
- obsolete by filetriggers macros removed
- redundant build req to e2fs-devel removed (#16137)
- krb5.h modifed to avoid preprocessor loop
- rebuilt againts recent openssl
- fixed:
+ MITKRB5-SA-2008-001
+ MITKRB5-SA-2008-002
- added req on libkeyutils-devel to krb5-devel subpackage (#13977)
- 1.6.3 released
- MITKRB5-SA-2007-006 fix revised
- fixed:
+ MITKRB5-SA-2007-006
- fixed:
+ MITKRB5-SA-2007-004
+ MITKRB5-SA-2007-005
- fixed:
+ MITKRB5-SA-2007-001
+ MITKRB5-SA-2007-002
+ MITKRB5-SA-2007-003
- kadmind: MITKRB5-SA-2006-002, MITKRB5-SA-2006-003
- bug fixed: #10494
- packaged missing db2 plugin
- 1.5.1 released
- patches rediffed & applied:
+ krb5-1.3-alt-rh-manpage-paths.patch
+ krb5-1.3-rh-netkit-rsh.patch
+ krb5-1.4-alt-rh-rlogind-environ.patch
+ krb5-1.3-rh-ksu-access.patch
+ krb5-1.3-rh-ksu-path.patch
+ krb5-1.1.1-rh-brokenrev.patch
+ krb5-1.2.1-rh-passive.patch
+ krb5-1.4-rh-ktany.patch
+ krb5-1.3-rh-large-file.patch
+ krb5-1.3-rh-ftp-glob.patch
+ krb5-1.3-rh-check.patch
+ krb5-1.2.7-rh-reject-bad-transited.patch
+ krb5-1.3.1-rh-dns.patch
+ krb5-1.4-rh-null.patch
+ krb5-1.3.3-rh-rcp-sendlarge.patch
+ krb5-1.3.5-rh-kprop-mktemp.patch
+ krb5-1.3.6-alt-send-pr.patch
+ krb5-1.4.1-rh-api.patch
+ krb5-1.4.1-rh-telnet-environ.patch
+ krb5-1.4.3-rh-enospc.patch
+ krb5-1.5-rh-fclose.patch
+ krb5-1.5-rh-gssinit.patch
+ krb5-1.5-rh-io.patch
+ krb5-1.5.1-alt-tinfo.patch
+ krb5-1.5.1-alt-norpath.patch
+ krb5-1.5.1-alt-krb5config.patch
+ krb5-1.5.1-alt-krb5-rlogin-prog.patch
+ krb5-1.5.1-alt-kadmind-pidfile.patch
- fixed #9408
- 1.4.3
- linked against system libss
- 1.4.1
- subpackages rearranged:
+ made new -kdc, -kadmin and -kinit subpackages
+ old -server and -workstation now contains no data
+ extra docs packaged separately to -doc subpackage - some libraries returned back to %_libdir
- bugs fixed: #6109, #6678, #6727
- 1.3.6
- NMU, fixes:
+ MITKRB5-SA-2004-001,
+ MITKRB5-SA-2004-002,
+ MITKRB5-SA-2004-003.
- Removed unneeded %set_*_version calls.
- Force -I/usr/include/et in krb5-config
- Fixed:
+ #3494, #3655, #3136, and #2770 - Changed:
+ Libraries moved from /usr/lib/krb5 to /lib - Added:
+ Compile krb5 against system libcom_err from libe2fs - Removed:
+ Static libraries
- Added:
+ all init scripts moved to start-stop-daemon approach - Fixed:
+ #2875, in kpropd and kadmind initscripts - Removed:
+ Kerberos IV support
- 1.3.1 release (with support for RC4-HMAC encryption type)
- Fixed:
+ MITKRB5-SA-2003-03
+ CAN-2003-0072
+ CAN-2003-0082
- 1.2.7
- Fixed:
+ krb5-config to reflect our layout
+ localstatedir to /var/lib/kerberos
+ description of libkrb5-devel - Splitted:
+ statically compiled libraries to libkrb5-devel-static
- Merge AW changes with Sisyphus
- spec cleanup
- AW adaptations
- Integrate krb5-current into Sisyphus
- Patch list revised
- Move various samples to libkrb5-devel
- Integrate krb5-current to get access to enc.type 23
- remove libtinfo/samba support as it is not required yet.
- New release
- Fixed:
+ MITKRB5-SA-2002-001: Remote root vulnerability in MIT krb5 admin system - Added but not compiled in yet:
+ A patch from Andrew Tridgell to better support Samba 3.0 ADS mode
- Build against libtinfo, get rid of termcap/ncurses
- Fixed:
+ /usr/include/krb5 ownership
- Fixed:
+ documentation clashes with overriden utilites
- Fixed:
+ paths in xinet.d services
+ /var/kerberos moved to /var/lib/kerberos (FHS)
- Fixed:
+ postin/un scripts for libkrb5
- Fixed:
+ Info pages for server/workstation
- Initial build for ALT Linux based on Applianceware version
- Fixed:
+ all libs moved to /usr/lib/krb5/, includes to /usr/include/krb5
+ postinstall/postuninstall scripts for libs
+ dependencies for several sub-packages to eliminate file deps.
+ krb5-send-pr to not expose direct Requires: to nis/yp utils - Packages renamed:
+ krb5-libs -> libkrb5
+ krb5-devel -> libkrb5-devel
- bump release number and rebuild
- add patch to fix telnetd vulnerability
- tweak statglue.c to fix stat/stat64 aliasing problems
- be cleaner in use of gcc to build shlibs
- use gcc to build shared libraries
- add patch to support "ANY" keytab type (i.e.,
"default_keytab_name = ANY:FILE:/etc/krb5.keytab,SRVTAB:/etc/srvtab"
patch from Gerald Britton, #42551) - build with -D_FILE_OFFSET_BITS=64 to get large file I/O in ftpd (#30697)
- patch ftpd to use long long and %lld format specifiers to support the SIZE
command on large files (also #30697) - don't use LOG_AUTH as an option value when calling openlog() in ksu (#45965)
- implement reload in krb5kdc and kadmind init scripts (#41911)
- lose the krb5server init script (not using it any more)
- Bump release + rebuild.
- pass some structures by address instead of on the stack in krb5kdc
- rebuild in new environment
- add patch from Tom Yu to fix ftpd overflows (#37731)
- disable optimizations on the alpha again
- add in glue code to make sure that libkrb5 continues to provide a
weak copy of stat()
- build alpha with -O0 for now
- fix the kpropd init script
- update to 1.2.2, which fixes some bugs relating to empty ETYPE-INFO
- re-enable optimization on Alpha
- build alpha with -O0 for now
- own /var/kerberos
- own the directories which are created for each package (#26342)
- gettextize init scripts
- add some comments to the ksu patches for the curious
- re-enable optimization on alphas
- fix krb5-send-pr (#18932) and move it from -server to -workstation
- buildprereq libtermcap-devel
- temporariliy disable optimization on alphas
- gettextize init scripts
- force -fPIC
- rebuild in new environment
- add bison as a BuildPrereq (#20091)
- change /usr/dict/words to /usr/share/dict/words in default kdc.conf (#20000)
- apply kpasswd bug fixes from David Wragg
- make krb5-libs obsolete the old krb5-configs package (#18351)
- don't quit from the kpropd init script if there's no principal database so
that you can propagate the first time without running kpropd manually - don't complain if /etc/ld.so.conf doesn't exist in the -libs %post
- fix credential forwarding problem in klogind (goof in KRB5CCNAME handling)
(#11588) - fix heap corruption bug in FTP client (#14301)
- fix summaries and descriptions
- switched the default transfer protocol from PORT to PASV as proposed on
bugzilla (#16134), and to match the regular ftp package's behavior
- rebuild to compress man pages.
- move initscript back
- disable servers by default to keep linuxconf from thinking they need to be
started when they don't
- automatic rebuild
- change cleanup code in post to not tickle chkconfig
- add grep as a Prereq: for -libs
- move condrestarts to postun
- make xinetd configs noreplace
- add descriptions to xinetd configs
- add /etc/init.d as a prereq for the -server package
- patch to properly truncate $TERM in krlogind
- update to 1.2.1
- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update
- start using the official source tarball instead of its contents
- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind
- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's not
compatible with other stuff in 6.2, so no need)
- tweak graceful start/stop logic in post and preun
- update to the 1.2 release
- ditch a lot of our patches which went upstream
- enable use of DNS to look up things at build-time
- disable use of DNS to look up things at run-time in default krb5.conf
- change ownership of the convert-config-files script to root.root
- compress PS docs
- fix some typos in the kinit man page
- run condrestart in server post, and shut down in preun
- only remove old krb5server init script links if the init script is there
- disable kshell and eklogin by default
- patch mkdir/rmdir problem in ftpcmd.y
- add condrestart option to init script
- split the server init script into three pieces and add one for kpropd
- make sure workstation servers are all disabled by default
- clean up krb5server init script
- apply second set of buffer overflow fixes from Tom Yu
- fix from Dirk Husung for a bug in buffer cleanups in the test suite
- work around possibly broken rev binary in running test suite
- move default realm configs from /var/kerberos to /var/kerberos
- make ksu and v4rcp owned by root
- use %{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- fix package descriptions again
- change a LINE_MAX to 1024, fix from Ken Raeburn
- add fix for login vulnerability in case anyone rebuilds without krb4 compat
- add tweaks for byte-swapping macros in krb.h, also from Ken
- add xinetd config files
- make rsh and rlogin quieter
- build with debug to fix credential forwarding
- add rsh as a build-time req because the configure scripts look for it to
determine paths
- fix config_subpackage logic
- remove setuid bit on v4rcp and ksu in case the checks previously added
don't close all of the problems in ksu - apply patches from Jeffrey Schiller to fix overruns Chris Evans found
- reintroduce configs subpackage for use in the errata
- add PreReq: sh-utils
- fix double-free in the kdc (patch merged into MIT tree)
- include convert-config-files script as a documentation file
- patch ksu man page because the -C option never works
- add access() checks and disable debug mode in ksu
- modify default ksu build arguments to specify more directories in CMD_PATH
and to use getusershell()
- fix configure stuff for ia64
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653)
- change Requires: for/in subpackages to include 1.6.3
- add man pages for kerberos(1), kvno(1), .k5login(5)
- add kvno to -workstation
- Merge krb5-configs back into krb5-libs. The krb5.conf file is marked as
a %config file anyway. - Make krb5.conf a noreplace config file.
- Make klogind pass a clean environment to children, like NetKit's rlogind does.
- Don't enable the server by default.
- Compress info pages.
- Add defaults for the PAM module to krb5.conf
- Correct copyright: it's exportable now, provided the proper paperwork is
filed with the government.
- apply Mike Friedman's patch to fix format string problems
- don't strip off argv[0] when invoking regular rsh/rlogin
- run kadmin.local correctly at startup
- pass absolute path to kadm5.keytab if/when extracting keys at startup
- fix info page insertions
- tweak server init script to automatically extract kadm5 keys if
/var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet - adjust package descriptions
- fix for potentially gzipped man pages
- fix comments in krb5-configs
- move /usr/kerberos/bin to end of PATH
- install kadmin header files
- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h
- add installation of info docs
- remove krb4 compat patch because it doesn't fix workstation-side servers
- remove hesiod dependency at build-time
- rebuild on 1.1.1
- clean up init script for server, verify that it works [jlkatz]
- clean up rotation script so that rc likes it better
- add clean stanza
- backed out ncurses and makeshlib patches
- update for krb5-1.1
- add KDC rotation to rc.boot, based on ideas from Michael's C version
- added -lncurses to telnet and telnetd makefiles
- added krb5.csh and krb5.sh to /etc/profile.d
- broke out configuration files
- fixed server package so that it works now
- started changelog
- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6
- added --force to makeinfo commands to skip errors during build