[krb5/f16] rebase to 1.9.4 and backport RT#7183

Nalin Dahyabhai nalin at fedoraproject.org
Fri Jun 22 20:55:25 UTC 2012 

commit e77d8c659e6e94ad64dee2ec125e2d81f08295cb
Author: Nalin Dahyabhai <nalin at dahyabhai.net>
Date:   Fri Jun 22 16:40:58 2012 -0400

    rebase to 1.9.4 and backport RT#7183
    
    - rebase to 1.9.4
      - drop the backport patch for CVE-2012-1013, no longer needed
      - drop some PDFs that no longer get built right
      - drop the backport patch for RT#6922, merged in as RT#7164
    - backport a fix to allow a PKINIT client to handle SignedData from a KDC
      that's signed with a certificate that isn't in the SignedData, but which
      is available as an anchor or intermediate on the client (RT#7183)

 .gitignore                       |    3 +++
 krb5-1.9.1-ai_addrconfig.patch   |   30 ------------------------------
 krb5-kadmind-null-password.patch |   33 ---------------------------------
 krb5.spec                        |   26 ++++++++++++++------------
 sources                          |    6 +++---
 5 files changed, 20 insertions(+), 78 deletions(-)
---
diff --git a/.gitignore b/.gitignore
index 2f044c3..b3ad897 100644
--- a/.gitignore
+++ b/.gitignore
@@ -62,3 +62,6 @@ krb5-1.8.3-pdf.tar.gz
 /krb5-1.9.3.tar.gz
 /krb5-1.9.3.tar.gz.asc
 /krb5-1.9.3-pdf.tar.bz2
+/krb5-1.9.4.tar.gz
+/krb5-1.9.4.tar.gz.asc
+/krb5-1.9.4-pdf.tar.bz2
diff --git a/krb5.spec b/krb5.spec
index daee98b..94f68f8 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -5,10 +5,10 @@
 
 Summary: The Kerberos network authentication system
 Name: krb5
-Version: 1.9.3
-Release: 2%{?dist}
+Version: 1.9.4
+Release: 1%{?dist}
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.3-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.9/krb5-1.9.4-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kprop.service
@@ -53,7 +53,6 @@ Patch75: krb5-pkinit-debug.patch
 Patch77: krb5-1.9-paren.patch
 Patch78: krb5-trunk-chpw-err.patch
 Patch79: krb5-klist_s.patch
-Patch82: krb5-1.9.1-ai_addrconfig.patch
 Patch83: krb5-1.9.1-ai_addrconfig2.patch
 Patch84: krb5-1.9.1-sendto_poll.patch
 Patch86: krb5-1.9-debuginfo.patch
@@ -63,7 +62,7 @@ Patch100: krb5-1.9-7046.patch
 Patch101: krb5-trunk-7047.patch
 Patch102: krb5-1.9-7048.patch
 Patch103: krb5-kvno-230379.patch
-Patch104: krb5-kadmind-null-password.patch
+Patch105: krb5-1.9-pkinit-anchorsign.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -214,7 +213,6 @@ ln -s NOTICE LICENSE
 %patch77 -p1 -b .paren
 %patch78 -p0 -b .chpw-err
 %patch79 -p1 -b .klist_s
-%patch82 -p0 -b .ai_addrconfig
 %patch83 -p0 -b .ai_addrconfig2
 %patch84 -p0 -b .sendto_poll
 %patch86 -p0 -b .debuginfo
@@ -224,7 +222,7 @@ ln -s NOTICE LICENSE
 %patch101 -p1 -b .7047
 %patch102 -p1 -b .7048
 %patch103 -p1 -b .kvno
-%patch104 -p1 -b .kadmind-null-password
+%patch105 -p1 -b .pkinit-anchorsign
 gzip doc/*.ps
 
 sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -251,10 +249,6 @@ popd
 sh %{SOURCE24} check << EOF
 doc/api       library krb5
 doc/implement implement
-doc/kadm5     adb-unit-test
-doc/kadm5     api-unit-test
-doc/kadm5     api-funcspec
-doc/kadm5     api-server-design
 EOF
 
 # Generate an FDS-compatible LDIF file.
@@ -666,7 +660,6 @@ exit 0
 %doc doc/api/*.pdf
 %doc doc/ccapi
 %doc doc/implement/*.pdf
-%doc doc/kadm5/*.pdf
 %doc doc/kadmin
 %doc doc/kim
 %doc doc/krb5-protocol
@@ -703,6 +696,15 @@ exit 0
 %{_sbindir}/uuserver
 
 %changelog
+* Fri Jun 22 2012 Nalin Dahyabhai <nalin at redhat.com> 1.9.4-1
+- rebase to 1.9.4
+  - drop the backport patch for CVE-2012-1013, no longer needed
+  - drop some PDFs that no longer get built right
+  - drop the backport patch for RT#6922, merged in as RT#7164
+- backport a fix to allow a PKINIT client to handle SignedData from a KDC
+  that's signed with a certificate that isn't in the SignedData, but which
+  is available as an anchor or intermediate on the client (RT#7183)
+
 * Fri Jun  1 2012 Nalin Dahyabhai <nalin at redhat.com> 1.9.3-2
 - pull up the patch to correct a possible NULL pointer dereference in
   kadmind (CVE-2012-1013, #827598)
diff --git a/sources b/sources
index 3716639..c055bf6 100644
--- a/sources
+++ b/sources
@@ -1,3 +1,3 @@
-880b69df9efc2921c6749b3adf66af66  krb5-1.9.3.tar.gz
-cb1b7e87ebc9d40725d14caf1bbb2bb9  krb5-1.9.3.tar.gz.asc
-e776e7c50bbb7681224387f783b49b98  krb5-1.9.3-pdf.tar.bz2
+8fd6646dc8ba4d49a6464400c61b06f0  krb5-1.9.4.tar.gz
+015e8e29a2fc1db06a04c5539692d5b7  krb5-1.9.4.tar.gz.asc
+9f0d13e12eed31b176aa5db34d47afff  krb5-1.9.4-pdf.tar.bz2

More information about the scm-commits mailing list