@ -1,27 +1,3 @@
%bcond_without check
%if %{without check}
%global skipcheck 1
%endif
# COPR doesn't work right with the tests. I suspect keyring issues,
# but can't actually debug, so...
%if 0%{?copr_username:1}
%global skipcheck 1
%endif
# There are 0 test machines for this architecture, very few builders, and
# they're not very well provisioned / maintained. I can't support it.
# Patches welcome, but there's nothing I can do - it fails more than half the
# for "infrastructure issues" that I can't hope to debug.
%ifarch s390x
%global skipcheck 1
%endif
# RHEL runs upstream's test suite in a separate pass after build.
%if 0%{?rhel}
%global skipcheck 1
%endif
# Set this so that find-lang.sh will recognize the .po files.
# Set this so that find-lang.sh will recognize the .po files.
%global gettext_domain mit-krb5
%global gettext_domain mit-krb5
# Guess where the -libs subpackage's docs are going to go.
# Guess where the -libs subpackage's docs are going to go.
@ -34,7 +10,7 @@
#
#
# baserelease is what we have standardized across Fedora and what
# baserelease is what we have standardized across Fedora and what
# rpmdev-bumpspec knows how to handle.
# rpmdev-bumpspec knows how to handle.
%global baserelease 4
%global baserelease 5
# This should be e.g. beta1 or %%nil
# This should be e.g. beta1 or %%nil
%global pre_release %nil
%global pre_release %nil
@ -48,7 +24,7 @@
%global krb5_version_major 1
%global krb5_version_major 1
%global krb5_version_minor 21
%global krb5_version_minor 21
# For a release without a patch number set to %%nil
# For a release without a patch number set to %%nil
%global krb5_version_patch 1
%global krb5_version_patch 3
%global krb5_version_major_minor %{krb5_version_major}.%{krb5_version_minor}
%global krb5_version_major_minor %{krb5_version_major}.%{krb5_version_minor}
%global krb5_version %{krb5_version_major_minor}
%global krb5_version %{krb5_version_major_minor}
@ -68,7 +44,6 @@ Release: %{krb5_release}%{?dist}
Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz
Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz.asc
Source1: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz.asc
# Numbering is a relic of old init systems etc. It's easiest to just leave.
Source2: kprop.service
Source2: kprop.service
Source3: kadmin.service
Source3: kadmin.service
Source4: krb5kdc.service
Source4: krb5kdc.service
@ -82,6 +57,7 @@ Source11: ksu.pamd
Source12: krb5kdc.logrotate
Source12: krb5kdc.logrotate
Source13: kadmind.logrotate
Source13: kadmind.logrotate
Source14: krb5-krb5kdc.conf
Source14: krb5-krb5kdc.conf
Source15: %{name}-tests
Patch0001: 0001-downstream-Revert-Don-t-issue-session-keys-with-depr.patch
Patch0001: 0001-downstream-Revert-Don-t-issue-session-keys-with-depr.patch
Patch0002: 0002-downstream-ksu-pam-integration.patch
Patch0002: 0002-downstream-ksu-pam-integration.patch
@ -97,20 +73,19 @@ Patch0011: 0011-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch
Patch0012: 0012-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch
Patch0012: 0012-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch
Patch0013: 0013-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
Patch0013: 0013-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
Patch0014: 0014-Enable-PKINIT-if-at-least-one-group-is-available.patch
Patch0014: 0014-Enable-PKINIT-if-at-least-one-group-is-available.patch
Patch0015: 0015-Fix-double-free-in-KDC-TGS-processing .patch
Patch0015: 0015-Eliminate-old-style-function-declarations .patch
Patch0016: 0016-Eliminate-old-style-function-declaration s.patch
Patch0016: 0016-Replace-ssl.wrap_socket-for-test s.patch
Patch0017: 0017-End-connection-on-KDC_ERR_SVC_UNAVAILABLE .patch
Patch0017: 0017-Fix-unimportant-memory-leaks .patch
Patch0018: 0018-Add-request_timeout-configuration-parameter .patch
Patch0018: 0018-End-connection-on-KDC_ERR_SVC_UNAVAILABLE .patch
Patch0019: 0019-Wait-indefinitely-on-KDC-TCP-connections .patch
Patch0019: 0019-Add-request_timeout-configuration-parameter .patch
Patch0020: 0020-Avoid-strict-prototype-compiler-error s.patch
Patch0020: 0020-Wait-indefinitely-on-KDC-TCP-connection s.patch
Patch0021: 0021-Fix-leak-in-KDC-NDR-encoding .patch
Patch0021: 0021-Remove-klist-s-defname-global-variable .patch
Patch0022: 0022-Fix-two-unlikely-memory-leaks.patch
Patch0022: 0022-Fix-two-unlikely-memory-leaks.patch
Patch0023: 0023-Fix-vulnerabilities-in-GSS-message-token-handling.patch
Patch0023: 0023-Remove-PKINIT-RSA-support.patch
Patch0024: 0024-Remove-PKINIT-RSA-support.patch
Patch0024: 0024-Fix-various-issues-detected-by-static-analysis.patch
Patch0025: 0025-Fix-various-issues-detected-by-static-analysis.patch
Patch0025: 0025-Generate-and-verify-message-MACs-in-libkrad.patch
Patch0026: 0026-Generate-and-verify-message-MACs-in-libkrad.patch
License: MIT
License: Brian-Gladman-2-Clause AND BSD-2-Clause AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-first-lines AND BSD-3-Clause AND BSD-4-Clause AND CMU-Mach-nodoc AND FSFULLRWD AND HPND AND HPND-export2-US AND HPND-export-US AND HPND-export-US-acknowledgement AND HPND-export-US-modify AND ISC AND MIT AND MIT-CMU AND OLDAP-2.8 AND OpenVision
URL: https://web.mit.edu/kerberos/www/
URL: https://web.mit.edu/kerberos/www/
BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed
BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed
BuildRequires: gcc, gcc-c++
BuildRequires: gcc, gcc-c++
@ -130,17 +105,18 @@ BuildRequires: perl-interpreter
# For autosetup
# For autosetup
BuildRequires: git
BuildRequires: git
%if 0%{?skipcheck}
%if 0%{?fedora} > 35 || 0%{?rhel} >= 9
# Need KDFs. This is the "real" version
BuildRequires: openssl-devel >= 1:3.0.0
%else
%else
BuildRequires: dejagnu
# Need KDFs. This is the backported version
BuildRequires: net-tools, rpcbind
BuildRequires: openssl-devel >= 1:1.1.1d-4
BuildRequires: hostname
BuildRequires: openssl-devel < 1:3.0.0
BuildRequires: iproute
BuildRequires: python3-pyrad
%endif
%endif
# Need KDFs. This is the "real" version
# Enable compilation of optional tests
BuildRequires: openssl-devel >= 1:3.0.0
BuildRequires: resolv_wrapper
BuildRequires: libcmocka-devel
%description
%description
Kerberos V5 is a trusted-third-party network authentication system,
Kerberos V5 is a trusted-third-party network authentication system,
@ -166,8 +142,13 @@ to install this package.
%package libs
%package libs
Summary: The non-admin shared libraries used by Kerberos 5
Summary: The non-admin shared libraries used by Kerberos 5
%if 0%{?fedora} > 35 || 0%{?rhel} >= 9
Requires: openssl-libs >= 1:3.0.0
Requires: openssl-libs >= 1:3.0.0
Requires: coreutils, gawk, grep, sed
%else
Requires: openssl-libs >= 1:1.1.1d-4
Requires: openssl-libs < 1:3.0.0
%endif
Requires: coreutils, gawk, sed
Requires: keyutils-libs >= 1.5.8
Requires: keyutils-libs >= 1.5.8
Requires: /etc/crypto-policies/back-ends/krb5.config
Requires: /etc/crypto-policies/back-ends/krb5.config
@ -185,8 +166,8 @@ Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(postun): systemd-units
# we drop files in its directory, but we don't want to own that directory
# we drop files in its directory, but we don't want to own that directory
Requires: logrotate
Requires: logrotate
# we specify /usr/share/dict/words as the default dict_file in kdc.conf
# we specify /usr/share/dict/words (provided by words) as the default dict_file in kdc.conf
Requires: /usr/share/dict/ words
Requires: words
# for run-time, and for parts of the test suite
# for run-time, and for parts of the test suite
BuildRequires: libverto-module-base
BuildRequires: libverto-module-base
Requires: libverto-module-base
Requires: libverto-module-base
@ -246,6 +227,51 @@ Kerberos is a network authentication system. The libkadm5 package
contains only the libkadm5clnt and libkadm5serv shared objects. This
contains only the libkadm5clnt and libkadm5serv shared objects. This
interface is not considered stable.
interface is not considered stable.
%package tests
Summary: Test sources for krb5 build
# Build dependencies
Requires: coreutils, gawk, sed
Requires: gcc-c++
Requires: gettext
Requires: libcom_err-devel
Requires: libselinux-devel
Requires: libss-devel
Requires: libverto-devel
Requires: lmdb-devel
Requires: openldap-devel
Requires: pam-devel
Requires: redhat-rpm-config
%if 0%{?fedora} > 35 || 0%{?rhel} >= 9
Requires: openssl-devel >= 1:3.0.0
%else
Requires: openssl-devel >= 1:1.1.1d-4
Requires: openssl-devel < 1:3.0.0
%endif
# Test dependencies
Requires: dejagnu
Requires: hostname
Requires: iproute
Requires: keyutils, keyutils-libs-devel >= 1.5.8
Requires: libcmocka-devel
Requires: libverto-module-base
Requires: logrotate
Requires: net-tools, rpcbind
Requires: perl-interpreter
Requires: procps-ng
Requires: python3-kdcproxy
Requires: resolv_wrapper
Requires: /etc/crypto-policies/back-ends/krb5.config
Requires: words
Recommends: python3-pyrad
Recommends: openldap-servers
Recommends: openldap-clients
%description tests
FOR TESTING PURPOSE ONLY
Test sources for krb5 build, with pre-defined compilation parameters
%prep
%prep
%autosetup -S git_am -n %{name}-%{version}%{?dashpre}
%autosetup -S git_am -n %{name}-%{version}%{?dashpre}
ln NOTICE LICENSE
ln NOTICE LICENSE
@ -288,6 +314,7 @@ sed -i -e \
"s,params.kadmind_port = 61001;,params.kadmind_port = $((PORT + 1));," \
"s,params.kadmind_port = 61001;,params.kadmind_port = $((PORT + 1));," \
src/lib/kadm5/t_kadm5.c
src/lib/kadm5/t_kadm5.c
%build
%build
# Go ahead and supply tcl info, because configure doesn't know how to find it.
# Go ahead and supply tcl info, because configure doesn't know how to find it.
source %{_libdir}/tclConfig.sh
source %{_libdir}/tclConfig.sh
@ -355,17 +382,6 @@ sphinx-build -a -b man -t pathsubs doc build-man
sphinx-build -a -b html -t pathsubs doc build-html
sphinx-build -a -b html -t pathsubs doc build-html
rm -fr build-html/_sources
rm -fr build-html/_sources
%if 0%{?skipcheck}
%else
%check
pushd src
# The build system may give us a revoked session keyring, so run affected
# tests with a new one.
keyctl session - make check OFFLINE=yes TMPDIR=%{_tmppath}
popd
%endif
%install
%install
[ "$RPM_BUILD_ROOT" != '/' ] && rm -rf -- "$RPM_BUILD_ROOT"
[ "$RPM_BUILD_ROOT" != '/' ] && rm -rf -- "$RPM_BUILD_ROOT"
@ -454,9 +470,10 @@ install -pdm 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/authdata
# list of link flags, and it helps prevent file conflicts on multilib systems.
# list of link flags, and it helps prevent file conflicts on multilib systems.
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
# Workaround for krb5-config reading too much from LDFLAGS.
# Workaround krb5-config reading too much from LDFLAGS.
# https://bugzilla.redhat.com/show_bug.cgi?id=1997021
# https://bugzilla.redhat.com/show_bug.cgi?id=1997021
sed -r -i -e "s/-specs=[^ ]*//g" $RPM_BUILD_ROOT%{_bindir}/krb5-config
# https://bugzilla.redhat.com/show_bug.cgi?id=2048909
sed -i -r -e 's/^(LDFLAGS=).*/\1/' $RPM_BUILD_ROOT%{_bindir}/krb5-config
# Install processed man pages.
# Install processed man pages.
for section in 1 5 8 ; do
for section in 1 5 8 ; do
@ -481,16 +498,43 @@ rm -- "$RPM_BUILD_ROOT/%{_docdir}/krb5-libs/examples/services.append"
# This is only needed for tests
# This is only needed for tests
rm -- "$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/test.so"
rm -- "$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/test.so"
# Generate tests launching script
sed -e 's/{{ name }}/%{name}/g' \
-e 's/{{ version }}/%{krb5_version}/g' \
-e 's/{{ release }}/%{krb5_release}/g' \
-e 's/{{ arch }}/%{_arch}/g' \
-i %{SOURCE15}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
install -pm 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/%{name}-tests-%{_arch}
# Copy source files from build folder to system data folder
install -pdm 755 $RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}
pushd src
cp -p --parents -t "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/" \
$(find . -type f -exec file -i "{}" + \
| sed -ne 's|^\./\([^:]\+\): \+text/.\+$|\1|p' | grep -Ev '~$')
popd
# Copy binary test files
install -pm 644 src/tests/pkinit-certs/*.p12 \
"$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/tests/pkinit-certs/"
install -pm 644 src/tests/au_dict.json \
"$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/tests/"
# Unset executable bit if no shebang in script
for f in $(find "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/" -type f -executable)
do
head -n1 "$f" | grep -Eq '^#!' || chmod a-x "$f"
done
# Remove broken shebang Perl scripts
rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/config/wconfig.pl"
rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/kadmin/kdbkeys/do-test.pl"
%find_lang %{gettext_domain}
%find_lang %{gettext_domain}
%ldconfig_scriptlets libs
%ldconfig_scriptlets libs
%triggerun libs -- krb5-libs < 1.15.1-5
if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then
sed -i '1i # To opt out of the system crypto-policies configuration of krb5, remove the\n# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.\nincludedir /etc/krb5.conf.d/\n' /etc/krb5.conf
fi
exit 0
%ldconfig_scriptlets server-ldap
%ldconfig_scriptlets server-ldap
%post server
%post server
@ -672,166 +716,235 @@ exit 0
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%files tests
%{_libexecdir}/%{name}-tests-%{_arch}
%{_datarootdir}/%{name}-tests/%{_arch}
%changelog
%changelog
* Thu Oct 17 2024 Julien Rische <jrische@redhat.com> - 1.21.1-4
* Mon Nov 04 2024 Julien Rische <jrische@redhat.com> - 1.21.3-5
- Make test dependencies optional if not part of CentOS/RHEL 10
Resolves: RHEL-65724
* Wed Oct 30 2024 Julien Rische <jrische@redhat.com> - 1.21.3-4
- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: RHEL-55423
Resolves: RHEL-55427
- Fix various issues detected by static analysis
- Fix various issues detected by static analysis
Resolves: RHEL-58216
Resolves: RHEL-4 5165
- Remove RSA protocol for PKINIT
- Remove RSA protocol for PKINIT
Resolves: RHEL-15323
Resolves: RHEL-56070
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.21.3-3
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.21.3-2
- Rebuilt for MSVSphere 10
* Fri Jul 05 2024 Julien Rische <jrische@redhat.com> - 1.21.1-3
* Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-2
- Do not include files with "~" termination in krb5-tests
Resolves: RHEL-45995
* Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-1
- New upstream version (1.21.3)
- CVE-2024-37370 CVE-2024-37371
- CVE-2024-37370 CVE-2024-37371
Fix vulnerabilities in GSS message token handling
Fix vulnerabilities in GSS message token handling
Resolves: RHEL-45402 RHEL-45392
Resolves: RHEL-45387 RHEL-45378
* Wed Mar 20 2024 Julien Rische <jrische@redhat.com> - 1.21.1-2
- Fix memory leak in GSSAPI interface
- Fix memory leak in GSSAPI interface
Resolves: RHEL-27251
Resolves: RHEL-47284
- Fix memory leak in PMAP RPC interface
- Fix memory leak in PMAP RPC interface
Resolves: RHEL-27245
Resolves: RHEL-47287
- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
Resolves: RHEL-27253
Resolves: RHEL-47285
- Make TCP waiting time configurable
- Make TCP waiting time configurable
Resolves: RHEL-17132
Resolves: RHEL-47278
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.21.2-7
- Bump release for June 2024 mass rebuild
* Wed Jun 19 2024 Julien Rische <jrische@redhat.com> - 1.21.2-6
- Add missing SPDX license identifiers
Resolves: RHEL-44383
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 17 2024 Julien Rische <jrische@redhat.com> - 1.21.2-3
- Fix double free in klist's show_ccache()
Resolves: rhbz#2257301
- Store krb5-tests files in architecture-specific directories
Resolves: rhbz#2244601
* Tue Oct 10 2023 Julien Rische <jrische@redhat.com> - 1.21.2-2
- Use SPDX expression for license tag
- Fix unimportant memory leaks
Resolves: rhbz#2223274
* Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1
* Wed Aug 16 2023 Julien Rische <jrische@redhat.com> - 1.21.2 -1
- New upstream version (1.21.1)
- New upstream version (1.21.2 )
- Fix double-free in KDC TGS processing (CVE-2023-39975)
- Fix double-free in KDC TGS processing (CVE-2023-39975)
- Add support for "pac_privsvr_enctype" KDB string attribute
Resolves: rhbz#2229113
Resolves: rhbz#2060421
- Make tests compatible with Python 3.12
Resolves: rhbz#2224013
* Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.21-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 29 2023 Marek Blaha <mblaha@redhat.com> - 1.21-2
- Replace file dependency with package name
Resolves: rhbz#2216903
* Mon Jun 12 2023 Julien Rische <jrische@redhat.com> - 1.21-1
- New upstream version (1.21)
- Do not disable PKINIT if some of the well-known DH groups are unavailable
- Do not disable PKINIT if some of the well-known DH groups are unavailable
Resolves: rhbz#2187722
Resolves: rhbz#2214 297
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
Resolves: rhbz#2155607
Resolves: rhbz#2214300
- Allow to set PAC ticket signature as optional
- Allow to set PAC ticket signature as optional
Resolves: rhbz#2178298
Resolves: rhbz#2181311
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
* Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8
Resolves: rhbz#2166001
- Fix datetime parsing in kadmin on s390x
- Fix syntax error in aclocal.m4
Resolves: rhbz#2169985
Resolves: rhbz#2143306
* Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7
- Fix double free on kdb5_util key creation failure
Resolves: rhbz#2166603
* Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6
* Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
Resolves: rhbz#2165827
Resolves: rhbz#2166001
* Thu Jan 19 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5
* Mon Jan 30 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
Resolves: rhbz#2162461
* Thu Jan 12 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.1-7
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 18 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6
- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
Resolves: rhbz#2068535
Resolves: rhbz#2114771
* Tue Jan 10 2023 Julien Rische <jrische@redhat.com> - 1.20.1-2
* Mon Jan 09 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5
- Strip debugging data from ksu executable file
- Strip debugging data from ksu executable file
Resolves: rhbz#2159643
* Wed Dec 07 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1
* Thu Jan 05 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4
- Make tests compatible with sssd-client
- Include missing OpenSSL FIPS header
Resolves: rhbz#2151513
- Make tests compatible with sssd_krb5_locator_plugin.so
- Remove invalid password expiry warning
Resolves: rhbz#2121099
* Tue Dec 06 2022 Julien Rische <jrische@redhat.com> - 1.20.1-3
- Update error checking for OpenSSL CMS_verify
- Enable TMT integration with Fedora CI
Resolves: rhbz#2063838
- New upstream version (1.20.1)
Resolves: rhbz#2016312
- Fix integer overflows in PAC parsing (CVE-2022-42898)
Resolves: rhbz#2140971
* Tue Oct 18 2022 Julien Rische <jrische@redhat.com> - 1.19.1-23
* Thu Dec 1 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.20.1-2
- Fix kprop for propagating dump files larger than 4GB
- Bump KDB ABI version provide to 9.0
Resolves: rhbz#2133014
* Fri Jul 08 2022 Julien Rische <jrische@redhat.com> - 1.19.1-22
* Wed Nov 23 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1
- New upstream version (1.20.1)
Resolves: rhbz#2124463
- Restore "supportedCMSTypes" attribute in PKINIT preauth requests
- Restore "supportedCMSTypes" attribute in PKINIT preauth requests
- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
Resolves: rhbz#2068935
Resolves: rhbz#2114766
- Update error checking for OpenSSL CMS_verify
Resolves: rhbz#2119704
- Remove invalid password expiry warning
Resolves: rhbz#2129113
* Thu Jun 23 2022 Julien Rische <jrische@redhat.com> - 1.19.1-21
* Wed Nov 09 2022 Julien Rische <jrische@redhat.com> - 1.19.2-13
- Fix libkrad client cleanup
- Fix integer overflows in PAC parsing (CVE-2022-42898)
- Allow use of larger RADIUS attributes in krad library
Resolves: rhbz#2143011
Resolves: rhbz#2100351
* Thu May 12 2022 Julien Rische <jrische@redhat.com> - 1.19.1-20
* Tue Aug 02 2022 Andreas Schneider <asn@redhat.com> - 1.19.2-12
- Fix OpenSSL 3 MD5 encyption in FIPS mode
- Use baserelease to set the release number
- Do not define netlib, but use autoconf detection for res_* functions
- Add missing BR for resolv_wrapper to run t_discover_uri.py
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.2-11.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Wed Jun 15 2022 Julien Rische <jrische@redhat.com> - 1.19.2-11
- Allow libkrad UDP/TCP connection to localhost in FIPS mode
- Allow libkrad UDP/TCP connection to localhost in FIPS mode
Resolves: rhbz#2068458
Resolves: rhbz#2082189
- Read GSS configuration files with mtime 0
* Mon May 02 2022 Julien Rische <jrische@redhat.com> - 1.19.1-19
* Mon May 2 2022 Julien Rische <jrische@redhat.com> - 1.19.2-10
- Use p11-kit as default PKCS11 module
- Use p11-kit as default PKCS11 module
Resolves: rhbz#2030981
Resolves: rhbz#2073274
* Tue Apr 26 2022 Julien Rische <jrische@redhat.com> - 1.19.1-18
- Try harder to avoid password change replay errors
- Try harder to avoid password change replay errors
Resolves: rhbz#2075186
Resolves: rhbz#2072059
* Tue Apr 05 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.19.2-9
- Fix libkrad client cleanup
- Fixes rhbz#2072059
* Mon Mar 14 2022 Julien Rische <jrische@redhat.com> - 1.19.1-15
* Tue Apr 05 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.19.2-8
- Allow use of larger RADIUS attributes in krad library
* Wed Mar 23 2022 Julien Rische <jrische@redhat.com> - 1.19.2-7
- Use SHA-256 instead of SHA-1 for PKINIT CMS digest
- Use SHA-256 instead of SHA-1 for PKINIT CMS digest
* Thu Feb 24 2022 Julien Rische <jrische@redhat.com> - 1.19.1-14
* Tue Feb 8 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.19.2-6
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Drop old trigger scriplet
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
- Reenable package notes and strip LDFLAGS from krb5-config (rhbz#2048909)
* Wed Feb 02 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.19.2-5
- Temporarily remove package note to unblock krb5-dependent packages
Resolves: rhbz#2048909
* Fri Dec 17 2021 Antonio Torres <antorres@redhat.com> - 1.19.1-13
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.2-4.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 3 2021 Antonio Torres <antorres@redhat.com> - 1.19.2-4
- Add patches to support OpenSLL 3.0.0
- Remove TCL-based libkadm5 API tests
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.19.2-3.1
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 24 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2-3
- Remove -specs= from krb5-config output
- Remove -specs= from krb5-config output
- Resolves rhbz#1997021
* Wed Oct 20 2021 Antonio Torres <antorres@redhat.com> - 1.19.1-12
* Thu Aug 19 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2- 2
- Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
- Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
Resolves: rhbz#1997602
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.19.1-11.1
* Mon Jul 26 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2-1
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
- New upstream version (1.19.2)
Related: rhbz#1991688
* Tue Jul 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-11
* Wed Jul 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-15
- Fix defcred leak in krb5 gss_inquire_cred()
* Mon Jul 12 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-14
- Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
- Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
Resolves: rhbz#1983733
* Wed Jul 14 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-10
* Thu Jul 01 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-13
- Update OpenSSL 3 provider handling to clean up properly
- Fix use-after-free during krad remote_shutdown()
Resolves: rhbz#1955873
* Mon Jun 28 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-12
- MEMORY locking fix and static analysis pullup
* Mon Jun 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-9
* Mon Jun 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-11
- Sync openssl3 patches with upstream
- Add the backward-compatible parts of openssl3 support
Resolves: rhbz#1955873
* Thu Jun 17 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-8
* Wed Jun 09 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-10
- Rebuild for rpminspect and mass rebuild cleanup; no code changes
- Fix three canonicalization cases for fallback
Resolves: rhbz#1967505
* Thu Jun 17 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-7
* Wed Jun 02 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-9
- Fix several fallback canonicalization problems
- Fix doc build for Sphinx 4.0
Resolves: rhbz#1967505
* Tue Jun 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.19.1-6.1
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-8
- Rebuilt for RHEL 9 BETA for openssl 3.0
- Add all the sssd-kcm workarounds
Resolves: rhbz#1971065
* Thu Jun 10 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-6
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-7
- Backport KCM retrieval fixes
- Fix context for previous backport
Resolves: rhbz#1956403
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-5
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-6
- Fix DES3 mention in KDFs
- Add KCM_OP_GET_CRED_LIST and KCM_OP_RETRIEVE support
Resolves: rhbz#1955873
* Wed May 19 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-4
* Tue May 04 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-5
- Port to OpenSSL 3 (alpha 15)
- Suppress static analyzer warning in FIPS override
Resolves: rhbz#1955873
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.19.1-3.1
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.19.1-3.1
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Mon Mar 01 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-3
* Mon Mar 01 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-3
- Further test dependency fixes; no code changes
- Further test dependency fixes; no code changes
@ -1799,8 +1912,8 @@ exit 0
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5
- Remove Zanata test glue and related workarounds
- Remove Zanata test glue and related workarounds
- Bug rhbz#1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
- rhbz#1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
- Bug rhbz#1234326 ("krb5-server introduces new rpm dependency on ksh")
- rhbz#1234326 ("krb5-server introduces new rpm dependency on ksh")
* Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4
* Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4
- Fix dependicy on binfmt.service
- Fix dependicy on binfmt.service
@ -1809,12 +1922,12 @@ exit 0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2
* Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2
- Add patch to fix Redhat Bug rhbz#1227542 ("[SELinux] AVC denials may appear
- Add patch to fix Redhat rhbz#1227542 ("[SELinux] AVC denials may appear
when kadmind starts"). The issue was caused by an unneeded |htons()|
when kadmind starts"). The issue was caused by an unneeded |htons()|
which triggered SELinux AVC denials due to the "random" port usage.
which triggered SELinux AVC denials due to the "random" port usage.
* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
- Add fix for RedHat Bug rhbz#1164304 ("Upstream unit tests loads
- Add fix for RedHat rhbz#1164304 ("Upstream unit tests loads
the installed shared libraries instead the ones from the build")
the installed shared libraries instead the ones from the build")
* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
@ -1835,7 +1948,7 @@ exit 0
dictionary attack against the user's password.
dictionary attack against the user's password.
* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
- Add temporay workaround for RH bug rhbz#1204646 ("krb5-config
- Add temporay workaround for RH rhbz#1204646 ("krb5-config
returns wrong -specs path") which modifies krb5-config post
returns wrong -specs path") which modifies krb5-config post
build so that development of krb5 dependicies gets unstuck.
build so that development of krb5 dependicies gets unstuck.
This MUST be removed before rawhide becomes F23 ...
This MUST be removed before rawhide becomes F23 ...
@ -1994,7 +2107,7 @@ exit 0
* Tue Jan 21 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-2
* Tue Jan 21 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-2
- pull in multiple changes to allow replay caches to be added to a GSS
- pull in multiple changes to allow replay caches to be added to a GSS
credential store as "rcache"-type credentials (RT#7818/#7819/#7836,
credential store as "rcache"-type credentials (RT#7818/rhbz #7819/rhbz #7836,
rhbz#1056078/rhbz#1056080)
rhbz#1056078/rhbz#1056080)
* Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-1
* Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-1
@ -2397,9 +2510,9 @@ exit 0
* Thu Nov 15 2012 Nalin Dahyabhai <nalin@redhat.com>
* Thu Nov 15 2012 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.11 alpha 1
- update to 1.11 alpha 1
- drop backported patch for RT #7406
- drop backported patch for RT rhbz #7406
- drop backported patch for RT #7407
- drop backported patch for RT rhbz #7407
- drop backported patch for RT #7408
- drop backported patch for RT rhbz #7408
- the new docs system generates PDFs, so stop including them as sources
- the new docs system generates PDFs, so stop including them as sources
- drop backported patch to allow deltat.y to build with the usual
- drop backported patch to allow deltat.y to build with the usual
warning flags and the current gcc
warning flags and the current gcc
@ -2589,7 +2702,7 @@ exit 0
should be able to run inside of the build system without issue
should be able to run inside of the build system without issue
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.1-19
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.1-19
- Rebuilt for glibc bug rhbz#747377
- Rebuilt for glibc rhbz#747377
* Tue Oct 18 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-18
* Tue Oct 18 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-18
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
@ -2782,7 +2895,7 @@ exit 0
k5login_directory settings for krb5.conf (rhbz#539423)
k5login_directory settings for krb5.conf (rhbz#539423)
* Wed Sep 29 2010 jkeating - 1.8.3-5
* Wed Sep 29 2010 jkeating - 1.8.3-5
- Rebuilt for gcc bug 634757
- Rebuilt for gcc rhbz# 634757
* Wed Sep 15 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-4
* Wed Sep 15 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-4
- fix reading of keyUsage extensions when attempting to select pkinit client
- fix reading of keyUsage extensions when attempting to select pkinit client
@ -2802,20 +2915,20 @@ exit 0
- update to 1.8.3
- update to 1.8.3
- drop backports of fixes for gss context expiration and error table
- drop backports of fixes for gss context expiration and error table
registration/deregistration mismatch
registration/deregistration mismatch
- drop patch for upstream #6750
- drop patch for upstream rhbz #6750
* Wed Jul 7 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-3
* Wed Jul 7 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-3
- tell krb5kdc and kadmind to create pid files, since they can
- tell krb5kdc and kadmind to create pid files, since they can
- add logrotate configuration files for krb5kdc and kadmind (rhbz#462658)
- add logrotate configuration files for krb5kdc and kadmind (rhbz#462658)
- fix parsing of the pidfile option in the KDC (upstream #6750)
- fix parsing of the pidfile option in the KDC (upstream rhbz #6750)
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-2
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-2
- libgssapi: pull in patch from svn to stop returning context-expired errors
- libgssapi: pull in patch from svn to stop returning context-expired errors
when the ticket which was used to set up the context expires (rhbz#605366,
when the ticket which was used to set up the context expires (rhbz#605366,
upstream #6739)
upstream rhbz #6739)
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com>
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com>
- pull up fix for upstream #6745, in which the gssapi library would add the
- pull up fix for upstream rhbz #6745, in which the gssapi library would add the
wrong error table but subsequently attempt to unload the right one
wrong error table but subsequently attempt to unload the right one
* Thu Jun 10 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-1
* Thu Jun 10 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-1
@ -3407,7 +3520,7 @@ exit 0
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com>
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com>
- initial update to 1.6, pre-package-reorg
- initial update to 1.6, pre-package-reorg
- move workstation daemons to a new subpackage (#81836, rhbz#216356, rhbz#217301), and
- move workstation daemons to a new subpackage (rhbz #81836, rhbz#216356, rhbz#217301), and
make the new subpackage require xinetd (rhbz#211885)
make the new subpackage require xinetd (rhbz#211885)
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.5-18
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.5-18
@ -3441,7 +3554,7 @@ exit 0
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-10
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-10
- rename krb5.sh and krb5.csh so that they don't overlap (rhbz#210623)
- rename krb5.sh and krb5.csh so that they don't overlap (rhbz#210623)
- way-late application of added error info in kadmind.init (#65853)
- way-late application of added error info in kadmind.init (rhbz #65853)
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-9.pal_18695
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-9.pal_18695
- add backport of in-development preauth module interface (rhbz#208643)
- add backport of in-development preauth module interface (rhbz#208643)
@ -3543,7 +3656,7 @@ exit 0
* Wed Aug 31 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-2
* Wed Aug 31 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-2
- change the default configured encryption type for KDC databases to the
- change the default configured encryption type for KDC databases to the
compiled-in default of des3-hmac-sha1 (#57847)
compiled-in default of des3-hmac-sha1 (rhbz #57847)
* Thu Aug 11 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
* Thu Aug 11 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
- update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and
- update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and
@ -4105,7 +4218,7 @@ exit 0
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
- use %%{_infodir} to better comply with FHS
- use %%{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- move .so files to -devel subpackage
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- tweak xinetd config files (bugs rhbz #11833, rhbz #11835, rhbz #11836, rhbz #11840)
- fix package descriptions again
- fix package descriptions again
* Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
* Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
@ -4142,7 +4255,7 @@ exit 0
- fix configure stuff for ia64
- fix configure stuff for ia64
* Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
* Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653)
- add LDCOMBINE=-lc to configure invocation to use libc versioning (rhbz #10653)
- change Requires: for/in subpackages to include %%{version}
- change Requires: for/in subpackages to include %%{version}
* Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
* Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
