diff options
Diffstat (limited to 'krb5.spec')
-rw-r--r-- | krb5.spec | 83 |
1 files changed, 43 insertions, 40 deletions
@@ -40,10 +40,10 @@ Summary: The Kerberos network authentication system Name: krb5 -Version: 1.12.1 -Release: 15%{?dist} +Version: 1.12.2 +Release: 3%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? -# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12.1-signed.tar +# http://web.mit.edu/kerberos/dist/krb5/1.12/krb5-1.12.2-signed.tar Source0: krb5-%{version}.tar.gz Source1: krb5-%{version}.tar.gz.asc # Use a dummy krb5-%{version}-pdf.tar.xz the first time through, then @@ -84,7 +84,6 @@ Patch23: krb5-1.3.1-dns.patch Patch29: krb5-1.10-kprop-mktemp.patch Patch30: krb5-1.3.4-send-pr-tempfile.patch Patch39: krb5-1.12-api.patch -Patch56: krb5-1.10-doublelog.patch Patch59: krb5-1.10-kpasswd_tcp.patch Patch60: krb5-1.12.1-pam.patch Patch63: krb5-1.12-selinux-label.patch @@ -93,29 +92,20 @@ Patch86: krb5-1.9-debuginfo.patch Patch105: krb5-kvno-230379.patch Patch129: krb5-1.11-run_user_0.patch Patch134: krb5-1.11-kpasswdtest.patch -Patch135: krb5-master-keyring-kdcsync.patch Patch136: krb5-master-rcache-internal-const.patch Patch137: krb5-master-rcache-acquirecred-cleanup.patch -Patch138: krb5-master-rcache-acquirecred-leak.patch Patch139: krb5-master-rcache-acquirecred-source.patch -Patch140: krb5-master-empty-credstore.patch Patch141: krb5-master-rcache-acquirecred-test.patch Patch142: krb5-master-move-otp-sockets.patch -Patch143: krb5-master-spnego-preserve-oid.patch -Patch144: krb5-1.12-tcl86.patch Patch145: krb5-master-mechd.patch -Patch146: krb5-1.12-CVE-2014-4341_4342.patch -Patch147: krb5-1.12-CVE-2014-4341_4342-tests.patch -Patch148: krb5-gssapi-mech-doublefree.patch -Patch149: krb5-gssapi-spnego-deref.patch -Patch150: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt -Patch151: http://web.mit.edu/kerberos/advisories/2014-001-patch.txt.asc -Patch201: 0001-Don-t-try-to-stat-not-on-disk-ccache-residuals.patch -Patch202: 0002-Use-an-in-memory-cache-until-we-need-the-target-s.patch -Patch203: 0003-Learn-to-destroy-the-ccache-we-re-copying-from.patch -Patch204: 0004-Try-to-use-the-default_ccache_name-d-as-the-target.patch -Patch205: 0005-Be-more-careful-of-target-ccache-collections.patch -Patch206: 0006-Copy-config-entries-to-the-target-ccache.patch +Patch146: krb5-master-strdupcheck.patch +Patch201: 0001-In-ksu-merge-krb5_ccache_copy-and-_restricted.patch +Patch202: 0002-In-ksu-don-t-stat-not-on-disk-ccache-residuals.patch +Patch203: 0003-Use-an-intermediate-memory-cache-in-ksu.patch +Patch204: 0004-Make-ksu-respect-the-default_ccache_name-setting.patch +Patch205: 0005-Copy-config-entries-to-the-ksu-target-ccache.patch +Patch206: 0006-Use-more-randomness-for-ksu-secondary-cache-names.patch +Patch207: 0007-Make-krb5_cc_new_unique-create-DIR-directories.patch License: MIT URL: http://web.mit.edu/kerberos/www/ @@ -318,14 +308,15 @@ certificate. %setup -q -a 3 -a 100 -a 102 ln -s NOTICE LICENSE -%patch1 -p1 -b .pwdch-fast +%patch201 -p1 -b .In-ksu-merge-krb5_ccache_copy-and-_restricted +%patch202 -p1 -b .In-ksu-don-t-stat-not-on-disk-ccache-residuals +%patch203 -p1 -b .Use-an-intermediate-memory-cache-in-ksu +%patch204 -p1 -b .Make-ksu-respect-the-default_ccache_name-setting +%patch205 -p1 -b .Copy-config-entries-to-the-ksu-target-ccache +%patch206 -p1 -b .Use-more-randomness-for-ksu-secondary-cache-names +%patch207 -p1 -b .Make-krb5_cc_new_unique-create-DIR-directories -%patch201 -p1 -b .Don-t-try-to-stat-not-on-disk-ccache-residuals -%patch202 -p1 -b .Use-an-in-memory-cache-until-we-need-the-target-s -%patch203 -p1 -b .Learn-to-destroy-the-ccache-we-re-copying-from -%patch204 -p1 -b .Try-to-use-the-default_ccache_name-d-as-the-target -%patch205 -p1 -b .Be-more-careful-of-target-ccache-collections -%patch206 -p1 -b .Copy-config-entries-to-the-target-ccache +%patch1 -p1 -b .pwdch-fast %patch60 -p1 -b .pam @@ -338,7 +329,6 @@ ln -s NOTICE LICENSE %patch29 -p1 -b .kprop-mktemp %patch30 -p1 -b .send-pr-tempfile %patch39 -p1 -b .api -%patch56 -p1 -b .doublelog %patch59 -p1 -b .kpasswd_tcp %patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild} %patch86 -p0 -b .debuginfo @@ -350,23 +340,13 @@ ln -s NOTICE LICENSE %patch134 -p1 -b .kpasswdtest -%patch135 -p1 -b .keyring-kdcsync - %patch136 -p1 -b .rcache-internal-const %patch137 -p1 -b .rcache-acquirecred-cleanup -%patch138 -p1 -b .rcache-acquirecred-leak %patch139 -p1 -b .rcache-acquirecred-source -%patch140 -p1 -b .empty-credstore %patch141 -p1 -b .rcache-acquirecred-test %patch142 -p1 -b .move-otp-sockets -%patch143 -p1 -b .spnego-preserve-oid -%patch144 -p1 -b .tcl86 %patch145 -p1 -b .master-mechd -%patch146 -p1 -b .CVE-2014-4341_4342 -%patch147 -p1 -b .CVE-2014-4341_4342 -%patch148 -p1 -b .gssapi-mech-doublefree -%patch149 -p1 -b .gssapi-spnego-deref -%patch150 -p1 -b .2014-001 +%patch146 -p1 -b .master-strdupcheck # Take the execute bit off of documentation. chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html @@ -1043,9 +1023,32 @@ exit 0 %{_sbindir}/uuserver %changelog +* Wed Aug 20 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.2-3 +- pull in upstream fix for an incorrect check on the value returned by a + strdup() call (#1132062) + * Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.1-15 - Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild +* Sun Aug 17 2014 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.12.2-2 +- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild + +* Fri Aug 15 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.2-1 +- update to 1.12.2 + - drop patch for RT#7820, fixed in 1.12.2 + - drop patch for #231147, fixed as RT#3277 in 1.12.2 + - drop patch for RT#7818, fixed in 1.12.2 + - drop patch for RT#7836, fixed in 1.12.2 + - drop patch for RT#7858, fixed in 1.12.2 + - drop patch for RT#7924, fixed in 1.12.2 + - drop patch for RT#7926, fixed in 1.12.2 + - drop patches for CVE-2014-4341/CVE-2014-4342, included in 1.12.2 + - drop patch for CVE-2014-4343, included in 1.12.2 + - drop patch for CVE-2014-4344, included in 1.12.2 + - drop patch for CVE-2014-4345, included in 1.12.2 +- replace older proposed changes for ksu with backports of the changes + after review and merging upstream (#1015559, #1026099, #1118347) + * Thu Aug 7 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-14 - incorporate fix for MITKRB5-SA-2014-001 (CVE-2014-4345) |