- Update from krb5-1.13-alpha1 to final krb5-1.13
- Removed patch for CVE-2014-5351 (#1145425) "krb5: current
keys returned when randomizing the keys for a service principal" -
now part of upstream sources
- Use patch for glibc |eventfd()| prototype mismatch (#1147887) only
for Fedora > 20
Use nss_wrapper (from cwrap.org) to be able to run more of the
self-tests during %%check. Help it along a little bit by being
more emphatic about cutting off access to DNS.
- update to 1.11.3
- drop patch for RT#7605, fixed in this release
- drop patch for CVE-2002-2443, fixed in this release
- drop patch for RT#7369, fixed in this release
- pull upstream fix for breaking t_skew.py by adding the patch for #961221
- update to the 1.11 final release
- drop the rawbuild tag from a couple of patches which we don't actually
need to apply to get things to compile the way the package expects
- when building the new label for a file we're about to create, also mix
in the current range, in addition to the current user
- also package the PDF format admin, user, and install guides
- drop some PDFs that no longer get built right
- no longer need patches for #555875, #561174, #563431, RT#6661,
CVE-2010-0628
- replace buildrequires on tetex-latex with one on texlive-latex, which is
the package that provides it now
- temporarily bundling the krb5-appl package (split upstream as of 1.8)
until its package review is complete
- profile.d scriptlets are now only needed by -workstation-clients
- adjust paths in init scripts
- drop upstreamed fix for KDC denial of service (CVE-2010-0283)
- drop patch to check the user's password correctly using crypt(), which
isn't a code path we hit when we're using PAM
- don't trip AD lockout on wrong password (#542687, #554351)
- incorporates fixes for CVE-2009-4212 and CVE-2009-3295
- fixes gss_krb5_copy_ccache() when SPNEGO is used
- move sim_client/sim_server, gss-client/gss-server, uuclient/uuserver to
the devel subpackage, better lining up with the expected krb5/krb5-appl
split in 1.8
- drop kvno,kadmin,k5srvutil,ktutil from -workstation-servers, as it
already depends on -workstation which also includes them
CVE-2007-4000 (the new pkinit module is built conditionally and goes
into the -pkinit-openssl package, at least for now, to make a buildreq
loop with openssl avoidable)
- move workstation daemons to a new subpackage (#81836, #216356, #217301),
and make the new subpackage require xinetd (#211885)
We don't get static libraries any more. Holding off on build until
verification that this doesn't kill other things, or until we get them
building in a semi-useful way.
- first cut at making RPM scriptlets failproof for install-info
- pull up pre-generated PDF docs so that we don't have multiarch
differences due to document IDs, timestamps, and compressed data,
- pull up the script to make sure that the PDF matches its source to guard
against the package maintainer forgetting to update when we move to a
new release
