- create and own /var/kerberos/krb5/user instead of /var/kerberos/kdc/user,
since that's what the libraries actually look for
- add buildrequires on nss-myhostname, in an attempt to get more of the tests
to run properly during builds
- go back to using reconf to run autoconf and autoheader (part of #925640)
- add temporary patch to use newer config.guess/config.sub (more of #925640)
- drop the kerberos-iv portreserve file (long overdue), and drop the rest
on systemd systems, since we don't currently poke portreserve when we're
starting a service
- update to the 1.11 final release
- drop the rawbuild tag from a couple of patches which we don't actually
need to apply to get things to compile the way the package expects
- handle releases where texlive packaging wasn't yet as complicated as it
is in Fedora 18
- fix an uninitialized-variable error building one of the test programs
- move the rather large pile of html and pdf docs to -workstation, so
that just having something that links to the libraries won't drag
them onto a system
- actually create %%{_var}/kerberos/kdc/user, so that it can be packaged
- correct the list of packaged man pages
- drop backported patches to make keytab-based authentication attempts
work better when the client tells the KDC that it supports a particular
cipher, but doesn't have a key for it in the keytab
- drop backported fix for teaching PKINIT clients which trust the KDC's
certificate directly to verify signed-data messages that are signed with
the KDC's certificate, when the blobs don't include a copy of the KDC's
certificate
- add a backport of more patches to set the client's list of supported enctypes
when using a keytab to be the list of types of keys in the keytab, plus the
list of other types the client supports but for which it doesn't have keys,
in that order, so that KDCs have a better chance of being able to issue
tickets with session keys of types that the client can use (#837855)
- pull up patch for RT#7063, in which not noticing a prompt for a long
time throws the client library's idea of the time difference between it
and the KDC really far out of whack (#773496)
- undo rename from krb5-pkinit-openssl to krb5-pkinit on EL6
- version the Obsoletes: on the krb5-pkinit-openssl to krb5-pkinit rename
- reintroduce the init scripts for non-systemd releases
- forward-port %%{_?rawbuild} annotations from EL6 packaging
- selinux: hang on to the list of selinux contexts, freeing and reloading
it only when the file we read it from is modified, freeing it when the
shared library is being unloaded (#845125)