@ -1,3 +1,27 @@
%bcond_without check
%if %{without check}
%global skipcheck 1
%endif
# COPR doesn't work right with the tests. I suspect keyring issues,
# but can't actually debug, so...
%if 0%{?copr_username:1}
%global skipcheck 1
%endif
# There are 0 test machines for this architecture, very few builders, and
# they're not very well provisioned / maintained. I can't support it.
# Patches welcome, but there's nothing I can do - it fails more than half the
# for "infrastructure issues" that I can't hope to debug.
%ifarch s390x
%global skipcheck 1
%endif
# RHEL runs upstream's test suite in a separate pass after build.
%if 0%{?rhel}
%global skipcheck 1
%endif
# Set this so that find-lang.sh will recognize the .po files.
# Set this so that find-lang.sh will recognize the .po files.
%global gettext_domain mit-krb5
%global gettext_domain mit-krb5
# Guess where the -libs subpackage's docs are going to go.
# Guess where the -libs subpackage's docs are going to go.
@ -10,7 +34,7 @@
#
#
# baserelease is what we have standardized across Fedora and what
# baserelease is what we have standardized across Fedora and what
# rpmdev-bumpspec knows how to handle.
# rpmdev-bumpspec knows how to handle.
%global baserelease 5
%global baserelease 4
# This should be e.g. beta1 or %%nil
# This should be e.g. beta1 or %%nil
%global pre_release %nil
%global pre_release %nil
@ -24,7 +48,7 @@
%global krb5_version_major 1
%global krb5_version_major 1
%global krb5_version_minor 21
%global krb5_version_minor 21
# For a release without a patch number set to %%nil
# For a release without a patch number set to %%nil
%global krb5_version_patch 3
%global krb5_version_patch 1
%global krb5_version_major_minor %{krb5_version_major}.%{krb5_version_minor}
%global krb5_version_major_minor %{krb5_version_major}.%{krb5_version_minor}
%global krb5_version %{krb5_version_major_minor}
%global krb5_version %{krb5_version_major_minor}
@ -44,6 +68,7 @@ Release: %{krb5_release}%{?dist}
Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz
Source0: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz.asc
Source1: https://web.mit.edu/kerberos/dist/krb5/%{krb5_version_major_minor}/krb5-%{krb5_version}%{?krb5_pre_release}.tar.gz.asc
# Numbering is a relic of old init systems etc. It's easiest to just leave.
Source2: kprop.service
Source2: kprop.service
Source3: kadmin.service
Source3: kadmin.service
Source4: krb5kdc.service
Source4: krb5kdc.service
@ -57,7 +82,6 @@ Source11: ksu.pamd
Source12: krb5kdc.logrotate
Source12: krb5kdc.logrotate
Source13: kadmind.logrotate
Source13: kadmind.logrotate
Source14: krb5-krb5kdc.conf
Source14: krb5-krb5kdc.conf
Source15: %{name}-tests
Patch0001: 0001-downstream-Revert-Don-t-issue-session-keys-with-depr.patch
Patch0001: 0001-downstream-Revert-Don-t-issue-session-keys-with-depr.patch
Patch0002: 0002-downstream-ksu-pam-integration.patch
Patch0002: 0002-downstream-ksu-pam-integration.patch
@ -73,19 +97,20 @@ Patch0011: 0011-downstream-Allow-KRB5KDF-MD5-and-MD4-in-FIPS-mode.patch
Patch0012: 0012-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch
Patch0012: 0012-downstream-Allow-to-set-PAC-ticket-signature-as-opti.patch
Patch0013: 0013-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
Patch0013: 0013-downstream-Make-PKINIT-CMS-SHA-1-signature-verificat.patch
Patch0014: 0014-Enable-PKINIT-if-at-least-one-group-is-available.patch
Patch0014: 0014-Enable-PKINIT-if-at-least-one-group-is-available.patch
Patch0015: 0015-Eliminate-old-style-function-declarations .patch
Patch0015: 0015-Fix-double-free-in-KDC-TGS-processing .patch
Patch0016: 0016-Replace-ssl.wrap_socket-for-test s.patch
Patch0016: 0016-Eliminate-old-style-function-declaration s.patch
Patch0017: 0017-Fix-unimportant-memory-leaks .patch
Patch0017: 0017-End-connection-on-KDC_ERR_SVC_UNAVAILABLE .patch
Patch0018: 0018-End-connection-on-KDC_ERR_SVC_UNAVAILABLE .patch
Patch0018: 0018-Add-request_timeout-configuration-parameter .patch
Patch0019: 0019-Add-request_timeout-configuration-parameter .patch
Patch0019: 0019-Wait-indefinitely-on-KDC-TCP-connections .patch
Patch0020: 0020-Wait-indefinitely-on-KDC-TCP-connection s.patch
Patch0020: 0020-Avoid-strict-prototype-compiler-error s.patch
Patch0021: 0021-Remove-klist-s-defname-global-variable .patch
Patch0021: 0021-Fix-leak-in-KDC-NDR-encoding .patch
Patch0022: 0022-Fix-two-unlikely-memory-leaks.patch
Patch0022: 0022-Fix-two-unlikely-memory-leaks.patch
Patch0023: 0023-Remove-PKINIT-RSA-support.patch
Patch0023: 0023-Fix-vulnerabilities-in-GSS-message-token-handling.patch
Patch0024: 0024-Fix-various-issues-detected-by-static-analysis.patch
Patch0024: 0024-Remove-PKINIT-RSA-support.patch
Patch0025: 0025-Generate-and-verify-message-MACs-in-libkrad.patch
Patch0025: 0025-Fix-various-issues-detected-by-static-analysis.patch
Patch0026: 0026-Generate-and-verify-message-MACs-in-libkrad.patch
License: Brian-Gladman-2-Clause AND BSD-2-Clause AND (BSD-2-Clause OR GPL-2.0-or-later) AND BSD-2-Clause-first-lines AND BSD-3-Clause AND BSD-4-Clause AND CMU-Mach-nodoc AND FSFULLRWD AND HPND AND HPND-export2-US AND HPND-export-US AND HPND-export-US-acknowledgement AND HPND-export-US-modify AND ISC AND MIT AND MIT-CMU AND OLDAP-2.8 AND OpenVision
License: MIT
URL: https://web.mit.edu/kerberos/www/
URL: https://web.mit.edu/kerberos/www/
BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed
BuildRequires: autoconf, bison, make, flex, gawk, gettext, pkgconfig, sed
BuildRequires: gcc, gcc-c++
BuildRequires: gcc, gcc-c++
@ -105,18 +130,17 @@ BuildRequires: perl-interpreter
# For autosetup
# For autosetup
BuildRequires: git
BuildRequires: git
%if 0%{?fedora} > 35 || 0%{?rhel} >= 9
%if 0%{?skipcheck}
# Need KDFs. This is the "real" version
BuildRequires: openssl-devel >= 1:3.0.0
%else
%else
# Need KDFs. This is the backported version
BuildRequires: dejagnu
BuildRequires: openssl-devel >= 1:1.1.1d-4
BuildRequires: net-tools, rpcbind
BuildRequires: openssl-devel < 1:3.0.0
BuildRequires: hostname
BuildRequires: iproute
BuildRequires: python3-pyrad
%endif
%endif
# Enable compilation of optional tests
# Need KDFs. This is the "real" version
BuildRequires: resolv_wrapper
BuildRequires: openssl-devel >= 1:3.0.0
BuildRequires: libcmocka-devel
%description
%description
Kerberos V5 is a trusted-third-party network authentication system,
Kerberos V5 is a trusted-third-party network authentication system,
@ -142,13 +166,8 @@ to install this package.
%package libs
%package libs
Summary: The non-admin shared libraries used by Kerberos 5
Summary: The non-admin shared libraries used by Kerberos 5
%if 0%{?fedora} > 35 || 0%{?rhel} >= 9
Requires: openssl-libs >= 1:3.0.0
Requires: openssl-libs >= 1:3.0.0
%else
Requires: coreutils, gawk, grep, sed
Requires: openssl-libs >= 1:1.1.1d-4
Requires: openssl-libs < 1:3.0.0
%endif
Requires: coreutils, gawk, sed
Requires: keyutils-libs >= 1.5.8
Requires: keyutils-libs >= 1.5.8
Requires: /etc/crypto-policies/back-ends/krb5.config
Requires: /etc/crypto-policies/back-ends/krb5.config
@ -166,8 +185,8 @@ Requires(preun): systemd-units
Requires(postun): systemd-units
Requires(postun): systemd-units
# we drop files in its directory, but we don't want to own that directory
# we drop files in its directory, but we don't want to own that directory
Requires: logrotate
Requires: logrotate
# we specify /usr/share/dict/words (provided by words) as the default dict_file in kdc.conf
# we specify /usr/share/dict/words as the default dict_file in kdc.conf
Requires: words
Requires: /usr/share/dict/ words
# for run-time, and for parts of the test suite
# for run-time, and for parts of the test suite
BuildRequires: libverto-module-base
BuildRequires: libverto-module-base
Requires: libverto-module-base
Requires: libverto-module-base
@ -227,51 +246,6 @@ Kerberos is a network authentication system. The libkadm5 package
contains only the libkadm5clnt and libkadm5serv shared objects. This
contains only the libkadm5clnt and libkadm5serv shared objects. This
interface is not considered stable.
interface is not considered stable.
%package tests
Summary: Test sources for krb5 build
# Build dependencies
Requires: coreutils, gawk, sed
Requires: gcc-c++
Requires: gettext
Requires: libcom_err-devel
Requires: libselinux-devel
Requires: libss-devel
Requires: libverto-devel
Requires: lmdb-devel
Requires: openldap-devel
Requires: pam-devel
Requires: redhat-rpm-config
%if 0%{?fedora} > 35 || 0%{?rhel} >= 9
Requires: openssl-devel >= 1:3.0.0
%else
Requires: openssl-devel >= 1:1.1.1d-4
Requires: openssl-devel < 1:3.0.0
%endif
# Test dependencies
Requires: dejagnu
Requires: hostname
Requires: iproute
Requires: keyutils, keyutils-libs-devel >= 1.5.8
Requires: libcmocka-devel
Requires: libverto-module-base
Requires: logrotate
Requires: net-tools, rpcbind
Requires: perl-interpreter
Requires: procps-ng
Requires: python3-kdcproxy
Requires: resolv_wrapper
Requires: /etc/crypto-policies/back-ends/krb5.config
Requires: words
Recommends: python3-pyrad
Recommends: openldap-servers
Recommends: openldap-clients
%description tests
FOR TESTING PURPOSE ONLY
Test sources for krb5 build, with pre-defined compilation parameters
%prep
%prep
%autosetup -S git_am -n %{name}-%{version}%{?dashpre}
%autosetup -S git_am -n %{name}-%{version}%{?dashpre}
ln NOTICE LICENSE
ln NOTICE LICENSE
@ -314,7 +288,6 @@ sed -i -e \
"s,params.kadmind_port = 61001;,params.kadmind_port = $((PORT + 1));," \
"s,params.kadmind_port = 61001;,params.kadmind_port = $((PORT + 1));," \
src/lib/kadm5/t_kadm5.c
src/lib/kadm5/t_kadm5.c
%build
%build
# Go ahead and supply tcl info, because configure doesn't know how to find it.
# Go ahead and supply tcl info, because configure doesn't know how to find it.
source %{_libdir}/tclConfig.sh
source %{_libdir}/tclConfig.sh
@ -382,6 +355,17 @@ sphinx-build -a -b man -t pathsubs doc build-man
sphinx-build -a -b html -t pathsubs doc build-html
sphinx-build -a -b html -t pathsubs doc build-html
rm -fr build-html/_sources
rm -fr build-html/_sources
%if 0%{?skipcheck}
%else
%check
pushd src
# The build system may give us a revoked session keyring, so run affected
# tests with a new one.
keyctl session - make check OFFLINE=yes TMPDIR=%{_tmppath}
popd
%endif
%install
%install
[ "$RPM_BUILD_ROOT" != '/' ] && rm -rf -- "$RPM_BUILD_ROOT"
[ "$RPM_BUILD_ROOT" != '/' ] && rm -rf -- "$RPM_BUILD_ROOT"
@ -470,10 +454,9 @@ install -pdm 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/authdata
# list of link flags, and it helps prevent file conflicts on multilib systems.
# list of link flags, and it helps prevent file conflicts on multilib systems.
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
# Workaround krb5-config reading too much from LDFLAGS.
# Workaround for krb5-config reading too much from LDFLAGS.
# https://bugzilla.redhat.com/show_bug.cgi?id=1997021
# https://bugzilla.redhat.com/show_bug.cgi?id=1997021
# https://bugzilla.redhat.com/show_bug.cgi?id=2048909
sed -r -i -e "s/-specs=[^ ]*//g" $RPM_BUILD_ROOT%{_bindir}/krb5-config
sed -i -r -e 's/^(LDFLAGS=).*/\1/' $RPM_BUILD_ROOT%{_bindir}/krb5-config
# Install processed man pages.
# Install processed man pages.
for section in 1 5 8 ; do
for section in 1 5 8 ; do
@ -498,43 +481,16 @@ rm -- "$RPM_BUILD_ROOT/%{_docdir}/krb5-libs/examples/services.append"
# This is only needed for tests
# This is only needed for tests
rm -- "$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/test.so"
rm -- "$RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth/test.so"
# Generate tests launching script
sed -e 's/{{ name }}/%{name}/g' \
-e 's/{{ version }}/%{krb5_version}/g' \
-e 's/{{ release }}/%{krb5_release}/g' \
-e 's/{{ arch }}/%{_arch}/g' \
-i %{SOURCE15}
mkdir -p $RPM_BUILD_ROOT%{_libexecdir}
install -pm 755 %{SOURCE15} $RPM_BUILD_ROOT%{_libexecdir}/%{name}-tests-%{_arch}
# Copy source files from build folder to system data folder
install -pdm 755 $RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}
pushd src
cp -p --parents -t "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/" \
$(find . -type f -exec file -i "{}" + \
| sed -ne 's|^\./\([^:]\+\): \+text/.\+$|\1|p' | grep -Ev '~$')
popd
# Copy binary test files
install -pm 644 src/tests/pkinit-certs/*.p12 \
"$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/tests/pkinit-certs/"
install -pm 644 src/tests/au_dict.json \
"$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/tests/"
# Unset executable bit if no shebang in script
for f in $(find "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/" -type f -executable)
do
head -n1 "$f" | grep -Eq '^#!' || chmod a-x "$f"
done
# Remove broken shebang Perl scripts
rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/config/wconfig.pl"
rm -- "$RPM_BUILD_ROOT%{_datarootdir}/%{name}-tests/%{_arch}/kadmin/kdbkeys/do-test.pl"
%find_lang %{gettext_domain}
%find_lang %{gettext_domain}
%ldconfig_scriptlets libs
%ldconfig_scriptlets libs
%triggerun libs -- krb5-libs < 1.15.1-5
if ! grep -q 'includedir /etc/krb5.conf.d' /etc/krb5.conf ; then
sed -i '1i # To opt out of the system crypto-policies configuration of krb5, remove the\n# symlink at /etc/krb5.conf.d/crypto-policies which will not be recreated.\nincludedir /etc/krb5.conf.d/\n' /etc/krb5.conf
fi
exit 0
%ldconfig_scriptlets server-ldap
%ldconfig_scriptlets server-ldap
%post server
%post server
@ -716,235 +672,166 @@ exit 0
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%files tests
%{_libexecdir}/%{name}-tests-%{_arch}
%{_datarootdir}/%{name}-tests/%{_arch}
%changelog
%changelog
* Mon Nov 04 2024 Julien Rische <jrische@redhat.com> - 1.21.3-5
* Thu Oct 17 2024 Julien Rische <jrische@redhat.com> - 1.21.1-4
- Make test dependencies optional if not part of CentOS/RHEL 10
Resolves: RHEL-65724
* Wed Oct 30 2024 Julien Rische <jrische@redhat.com> - 1.21.3-4
- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
- libkrad: implement support for Message-Authenticator (CVE-2024-3596)
Resolves: RHEL-55427
Resolves: RHEL-55423
- Fix various issues detected by static analysis
- Fix various issues detected by static analysis
Resolves: RHEL-4 5165
Resolves: RHEL-58216
- Remove RSA protocol for PKINIT
- Remove RSA protocol for PKINIT
Resolves: RHEL-56070
Resolves: RHEL-15323
* Tue Oct 29 2024 Troy Dawson <tdawson@redhat.com> - 1.21.3-3
- Bump release for October 2024 mass rebuild:
Resolves: RHEL-64018
* Fri Oct 25 2024 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 1.21.3-2
- Rebuilt for MSVSphere 10
* Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-2
* Fri Jul 05 2024 Julien Rische <jrische@redhat.com> - 1.21.1-3
- Do not include files with "~" termination in krb5-tests
Resolves: RHEL-45995
* Fri Jul 12 2024 Julien Rische <jrische@redhat.com> - 1.21.3-1
- New upstream version (1.21.3)
- CVE-2024-37370 CVE-2024-37371
- CVE-2024-37370 CVE-2024-37371
Fix vulnerabilities in GSS message token handling
Fix vulnerabilities in GSS message token handling
Resolves: RHEL-45387 RHEL-45378
Resolves: RHEL-45402 RHEL-45392
* Wed Mar 20 2024 Julien Rische <jrische@redhat.com> - 1.21.1-2
- Fix memory leak in GSSAPI interface
- Fix memory leak in GSSAPI interface
Resolves: RHEL-47284
Resolves: RHEL-27251
- Fix memory leak in PMAP RPC interface
- Fix memory leak in PMAP RPC interface
Resolves: RHEL-47 28 7
Resolves: RHEL-27245
- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
- Fix memory leak in failing UTF-8 to UTF-16 re-encoding for PAC
Resolves: RHEL-47285
Resolves: RHEL-27253
- Make TCP waiting time configurable
- Make TCP waiting time configurable
Resolves: RHEL-47278
Resolves: RHEL-17132
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 1.21.2-7
- Bump release for June 2024 mass rebuild
* Wed Jun 19 2024 Julien Rische <jrische@redhat.com> - 1.21.2-6
- Add missing SPDX license identifiers
Resolves: RHEL-44383
* Thu Jan 25 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Sun Jan 21 2024 Fedora Release Engineering <releng@fedoraproject.org> - 1.21.2-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Wed Jan 17 2024 Julien Rische <jrische@redhat.com> - 1.21.2-3
- Fix double free in klist's show_ccache()
Resolves: rhbz#2257301
- Store krb5-tests files in architecture-specific directories
Resolves: rhbz#2244601
* Tue Oct 10 2023 Julien Rische <jrische@redhat.com> - 1.21.2-2
- Use SPDX expression for license tag
- Fix unimportant memory leaks
Resolves: rhbz#2223274
* Wed Aug 16 2023 Julien Rische <jrische@redhat.com> - 1.21.2 -1
* Tue Aug 08 2023 Julien Rische <jrische@redhat.com> - 1.21.1-1
- New upstream version (1.21.2 )
- New upstream version (1.21.1)
- Fix double-free in KDC TGS processing (CVE-2023-39975)
- Fix double-free in KDC TGS processing (CVE-2023-39975)
Resolves: rhbz#2229113
- Add support for "pac_privsvr_enctype" KDB string attribute
- Make tests compatible with Python 3.12
Resolves: rhbz#2060421
Resolves: rhbz#2224013
* Thu Jul 20 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.21-3
* Thu Jun 08 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_39_Mass_Rebuild
* Thu Jun 29 2023 Marek Blaha <mblaha@redhat.com> - 1.21-2
- Replace file dependency with package name
Resolves: rhbz#2216903
* Mon Jun 12 2023 Julien Rische <jrische@redhat.com> - 1.21-1
- New upstream version (1.21)
- Do not disable PKINIT if some of the well-known DH groups are unavailable
- Do not disable PKINIT if some of the well-known DH groups are unavailable
Resolves: rhbz#2214297
Resolves: rhbz#2187722
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
- Make PKINIT CMS SHA-1 signature verification available in FIPS mode
Resolves: rhbz#2214300
Resolves: rhbz#2155607
- Allow to set PAC ticket signature as optional
- Allow to set PAC ticket signature as optional
Resolves: rhbz#2181311
Resolves: rhbz#2178298
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
Resolves: rhbz#2166001
- Fix syntax error in aclocal.m4
Resolves: rhbz#2143306
* Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-9
* Wed Feb 22 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8
- Fix datetime parsing in kadmin on s390x
Resolves: rhbz#2169985
* Tue Feb 14 2023 Julien Rische <jrische@redhat.com> - 1.20.1-7
- Fix double free on kdb5_util key creation failure
Resolves: rhbz#2166603
* Tue Jan 31 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
- Add support for MS-PAC extended KDC signature (CVE-2022-37967)
Resolves: rhbz#2166001
Resolves: rhbz#2165827
* Mon Jan 30 2023 Julien Rische <jrische@redhat.com> - 1.20.1-8
* Thu Jan 19 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
Resolves: rhbz#2162461
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 1.20.1-7
* Thu Jan 12 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Wed Jan 18 2023 Julien Rische <jrische@redhat.com> - 1.20.1-6
- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
- Set aes256-cts-hmac-sha384-192 as EXAMLE.COM master key in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
- Add AES SHA-2 HMAC family as EXAMPLE.COM supported etypes in kdc.conf
Resolves: rhbz#2114771
Resolves: rhbz#2068535
* Mon Jan 09 2023 Julien Rische <jrische@redhat.com> - 1.20.1-5
* Tue Jan 10 2023 Julien Rische <jrische@redhat.com> - 1.20.1-2
- Strip debugging data from ksu executable file
- Strip debugging data from ksu executable file
Resolves: rhbz#2159643
* Thu Jan 05 2023 Julien Rische <jrische@redhat.com> - 1.20.1-4
* Wed Dec 07 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1
- Include missing OpenSSL FIPS header
- Make tests compatible with sssd-client
- Make tests compatible with sssd_krb5_locator_plugin.so
Resolves: rhbz#2151513
- Remove invalid password expiry warning
* Tue Dec 06 2022 Julien Rische <jrische@redhat.com> - 1.20.1-3
Resolves: rhbz#2121099
- Enable TMT integration with Fedora CI
- Update error checking for OpenSSL CMS_verify
Resolves: rhbz#2063838
- New upstream version (1.20.1)
Resolves: rhbz#2016312
- Fix integer overflows in PAC parsing (CVE-2022-42898)
Resolves: rhbz#2140971
* Thu Dec 1 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.20.1-2
* Tue Oct 18 2022 Julien Rische <jrische@redhat.com> - 1.19.1-23
- Bump KDB ABI version provide to 9.0
- Fix kprop for propagating dump files larger than 4GB
Resolves: rhbz#2133014
* Wed Nov 23 2022 Julien Rische <jrische@redhat.com> - 1.20.1-1
* Fri Jul 08 2022 Julien Rische <jrische@redhat.com> - 1.19.1-22
- New upstream version (1.20.1)
Resolves: rhbz#2124463
- Restore "supportedCMSTypes" attribute in PKINIT preauth requests
- Restore "supportedCMSTypes" attribute in PKINIT preauth requests
- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
- Set SHA-512 or SHA-256 with RSA as preferred CMS signature algorithms
Resolves: rhbz#2114766
Resolves: rhbz#2068935
- Update error checking for OpenSSL CMS_verify
Resolves: rhbz#2119704
- Remove invalid password expiry warning
Resolves: rhbz#2129113
* Wed Nov 09 2022 Julien Rische <jrische@redhat.com> - 1.19.2-13
- Fix integer overflows in PAC parsing (CVE-2022-42898)
Resolves: rhbz#2143011
* Tue Aug 02 2022 Andreas Schneider <asn@redhat.com> - 1.19.2-12
- Use baserelease to set the release number
- Do not define netlib, but use autoconf detection for res_* functions
- Add missing BR for resolv_wrapper to run t_discover_uri.py
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.2-11.1
* Thu Jun 23 2022 Julien Rische <jrische@redhat.com> - 1.19.1-21
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
- Fix libkrad client cleanup
- Allow use of larger RADIUS attributes in krad library
Resolves: rhbz#2100351
* Wed Jun 15 2022 Julien Rische <jrische@redhat.com> - 1.19.2-11
* Thu May 12 2022 Julien Rische <jrische@redhat.com> - 1.19.1-20
- Fix OpenSSL 3 MD5 encyption in FIPS mode
- Allow libkrad UDP/TCP connection to localhost in FIPS mode
- Allow libkrad UDP/TCP connection to localhost in FIPS mode
Resolves: rhbz#2082189
Resolves: rhbz#2068458
- Read GSS configuration files with mtime 0
* Mon May 2 2022 Julien Rische <jrische@redhat.com> - 1.19.2-10
* Mon May 02 2022 Julien Rische <jrische@redhat.com> - 1.19.1-19
- Use p11-kit as default PKCS11 module
- Use p11-kit as default PKCS11 module
Resolves: rhbz#2073274
Resolves: rhbz#2030981
- Try harder to avoid password change replay errors
Resolves: rhbz#2072059
* Tue Apr 05 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.19.2-9
- Fix libkrad client cleanup
- Fixes rhbz#2072059
* Tue Apr 05 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.19.2-8
* Tue Apr 26 2022 Julien Rische <jrische@redhat.com> - 1.19.1-18
- Allow use of larger RADIUS attributes in krad library
- Try harder to avoid password change replay errors
Resolves: rhbz#2075186
* Wed Mar 23 2022 Julien Rische <jrische@redhat.com> - 1.19.2-7
* Mon Mar 14 2022 Julien Rische <jrische@redhat.com> - 1.19.1-15
- Use SHA-256 instead of SHA-1 for PKINIT CMS digest
- Use SHA-256 instead of SHA-1 for PKINIT CMS digest
* Tue Feb 8 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.19.2-6
* Thu Feb 24 2022 Julien Rische <jrische@redhat.com> - 1.19.1-14
- Drop old trigger scriplet
- Bypass FIPS restrictions to use KRB5KDF in case AES SHA-1 HMAC is enabled
- Reenable package notes and strip LDFLAGS from krb5-config (rhbz#2048909)
- Lazily load MD4/5 from OpenSSL if using RADIUS or RC4 enctype in FIPS mode
* Wed Feb 02 2022 Alexander Bokovoy <abokovoy@redhat.com> - 1.19.2-5
- Temporarily remove package note to unblock krb5-dependent packages
Resolves: rhbz#2048909
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 1.19.2-4.1
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Fri Dec 3 2021 Antonio Torres <antorres@redhat.com> - 1.19.2-4
- Add patches to support OpenSLL 3.0.0
- Remove TCL-based libkadm5 API tests
* Tue Sep 14 2021 Sahana Prasad <sahana@redhat.com> - 1.19.2-3.1
- Rebuilt with OpenSSL 3.0.0
* Tue Aug 24 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2- 3
* Fri Dec 17 2021 Antonio Torres <antorres@redhat.com> - 1.19.1-13
- Remove -specs= from krb5-config output
- Remove -specs= from krb5-config output
- Resolves rhbz#1997021
* Thu Aug 19 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2- 2
* Wed Oct 20 2021 Antonio Torres <antorres@redhat.com> - 1.19.1-12
- Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
- Fix KDC null deref on TGS inner body null server (CVE-2021-37750)
Resolves: rhbz#1997602
* Mon Jul 26 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.2-1
* Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 1.19.1-11.1
- New upstream version (1.19.2)
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
* Wed Jul 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-15
* Tue Jul 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-11
- Fix defcred leak in krb5 gss_inquire_cred()
* Mon Jul 12 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-14
- Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
- Fix KDC null deref on bad encrypted challenge (CVE-2021-36222)
Resolves: rhbz#1983733
* Thu Jul 01 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-13
* Wed Jul 14 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-10
- Fix use-after-free during krad remote_shutdown()
- Update OpenSSL 3 provider handling to clean up properly
Resolves: rhbz#1955873
* Mon Jun 28 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-12
- MEMORY locking fix and static analysis pullup
* Mon Jun 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-11
* Mon Jun 21 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-9
- Add the backward-compatible parts of openssl3 support
- Sync openssl3 patches with upstream
Resolves: rhbz#1955873
* Wed Jun 09 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-10
* Thu Jun 17 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-8
- Fix three canonicalization cases for fallback
- Rebuild for rpminspect and mass rebuild cleanup; no code changes
Resolves: rhbz#1967505
* Wed Jun 02 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-9
* Thu Jun 17 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-7
- Fix doc build for Sphinx 4.0
- Fix several fallback canonicalization problems
Resolves: rhbz#1967505
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-8
* Tue Jun 15 2021 Mohan Boddu <mboddu@redhat.com> - 1.19.1-6.1
- Add all the sssd-kcm workarounds
- Rebuilt for RHEL 9 BETA for openssl 3.0
Resolves: rhbz#1971065
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-7
* Thu Jun 10 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-6
- Fix context for previous backport
- Backport KCM retrieval fixes
Resolves: rhbz#1956403
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-6
* Thu May 20 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-5
- Add KCM_OP_GET_CRED_LIST and KCM_OP_RETRIEVE support
- Fix DES3 mention in KDFs
Resolves: rhbz#1955873
* Tue May 04 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-5
* Wed May 19 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-4
- Suppress static analyzer warning in FIPS override
- Port to OpenSSL 3 (alpha 15)
Resolves: rhbz#1955873
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 1.19.1-3.1
* Fri Apr 16 2021 Mohan Boddu <mboddu@redhat.com> - 1.19.1-3.1
- Rebuilt for updated systemd-rpm-macros
- Rebuilt for RHEL 9 BETA on Apr 15th 2021. Related: rhbz#1947937
See https://pagure.io/fesco/issue/2583.
* Mon Mar 01 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-3
* Mon Mar 01 2021 Robbie Harwood <rharwood@redhat.com> - 1.19.1-3
- Further test dependency fixes; no code changes
- Further test dependency fixes; no code changes
@ -1912,8 +1799,8 @@ exit 0
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5
* Thu Jun 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-5
- Remove Zanata test glue and related workarounds
- Remove Zanata test glue and related workarounds
- rhbz#1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
- Bug rhbz#1234292 ("IPA server cannot be run in container due to incorrect /usr/sbin/_kadmind")
- rhbz#1234326 ("krb5-server introduces new rpm dependency on ksh")
- Bug rhbz#1234326 ("krb5-server introduces new rpm dependency on ksh")
* Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4
* Thu Jun 18 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-4
- Fix dependicy on binfmt.service
- Fix dependicy on binfmt.service
@ -1922,12 +1809,12 @@ exit 0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2
* Tue Jun 2 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-2
- Add patch to fix Redhat rhbz#1227542 ("[SELinux] AVC denials may appear
- Add patch to fix Redhat Bug rhbz#1227542 ("[SELinux] AVC denials may appear
when kadmind starts"). The issue was caused by an unneeded |htons()|
when kadmind starts"). The issue was caused by an unneeded |htons()|
which triggered SELinux AVC denials due to the "random" port usage.
which triggered SELinux AVC denials due to the "random" port usage.
* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
* Thu May 21 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-1
- Add fix for RedHat rhbz#1164304 ("Upstream unit tests loads
- Add fix for RedHat Bug rhbz#1164304 ("Upstream unit tests loads
the installed shared libraries instead the ones from the build")
the installed shared libraries instead the ones from the build")
* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
* Thu May 14 2015 Roland Mainz <rmainz@redhat.com> - 1.13.2-0
@ -1948,7 +1835,7 @@ exit 0
dictionary attack against the user's password.
dictionary attack against the user's password.
* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
* Wed Mar 25 2015 Roland Mainz <rmainz@redhat.com> - 1.13.1-3
- Add temporay workaround for RH rhbz#1204646 ("krb5-config
- Add temporay workaround for RH bug rhbz#1204646 ("krb5-config
returns wrong -specs path") which modifies krb5-config post
returns wrong -specs path") which modifies krb5-config post
build so that development of krb5 dependicies gets unstuck.
build so that development of krb5 dependicies gets unstuck.
This MUST be removed before rawhide becomes F23 ...
This MUST be removed before rawhide becomes F23 ...
@ -2107,7 +1994,7 @@ exit 0
* Tue Jan 21 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-2
* Tue Jan 21 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-2
- pull in multiple changes to allow replay caches to be added to a GSS
- pull in multiple changes to allow replay caches to be added to a GSS
credential store as "rcache"-type credentials (RT#7818/rhbz #7819/rhbz #7836,
credential store as "rcache"-type credentials (RT#7818/#7819/#7836,
rhbz#1056078/rhbz#1056080)
rhbz#1056078/rhbz#1056080)
* Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-1
* Fri Jan 17 2014 Nalin Dahyabhai <nalin@redhat.com> - 1.12.1-1
@ -2510,9 +2397,9 @@ exit 0
* Thu Nov 15 2012 Nalin Dahyabhai <nalin@redhat.com>
* Thu Nov 15 2012 Nalin Dahyabhai <nalin@redhat.com>
- update to 1.11 alpha 1
- update to 1.11 alpha 1
- drop backported patch for RT rhbz #7406
- drop backported patch for RT #7406
- drop backported patch for RT rhbz #7407
- drop backported patch for RT #7407
- drop backported patch for RT rhbz #7408
- drop backported patch for RT #7408
- the new docs system generates PDFs, so stop including them as sources
- the new docs system generates PDFs, so stop including them as sources
- drop backported patch to allow deltat.y to build with the usual
- drop backported patch to allow deltat.y to build with the usual
warning flags and the current gcc
warning flags and the current gcc
@ -2702,7 +2589,7 @@ exit 0
should be able to run inside of the build system without issue
should be able to run inside of the build system without issue
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.1-19
* Wed Oct 26 2011 Fedora Release Engineering <rel-eng@lists.fedoraproject.org> - 1.9.1-19
- Rebuilt for glibc rhbz#747377
- Rebuilt for glibc bug rhbz#747377
* Tue Oct 18 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-18
* Tue Oct 18 2011 Nalin Dahyabhai <nalin@redhat.com> 1.9.1-18
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
- apply upstream patch to fix a null pointer dereference with the LDAP kdb
@ -2895,7 +2782,7 @@ exit 0
k5login_directory settings for krb5.conf (rhbz#539423)
k5login_directory settings for krb5.conf (rhbz#539423)
* Wed Sep 29 2010 jkeating - 1.8.3-5
* Wed Sep 29 2010 jkeating - 1.8.3-5
- Rebuilt for gcc rhbz# 634757
- Rebuilt for gcc bug 634757
* Wed Sep 15 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-4
* Wed Sep 15 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.3-4
- fix reading of keyUsage extensions when attempting to select pkinit client
- fix reading of keyUsage extensions when attempting to select pkinit client
@ -2915,20 +2802,20 @@ exit 0
- update to 1.8.3
- update to 1.8.3
- drop backports of fixes for gss context expiration and error table
- drop backports of fixes for gss context expiration and error table
registration/deregistration mismatch
registration/deregistration mismatch
- drop patch for upstream rhbz #6750
- drop patch for upstream #6750
* Wed Jul 7 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-3
* Wed Jul 7 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-3
- tell krb5kdc and kadmind to create pid files, since they can
- tell krb5kdc and kadmind to create pid files, since they can
- add logrotate configuration files for krb5kdc and kadmind (rhbz#462658)
- add logrotate configuration files for krb5kdc and kadmind (rhbz#462658)
- fix parsing of the pidfile option in the KDC (upstream rhbz #6750)
- fix parsing of the pidfile option in the KDC (upstream #6750)
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-2
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-2
- libgssapi: pull in patch from svn to stop returning context-expired errors
- libgssapi: pull in patch from svn to stop returning context-expired errors
when the ticket which was used to set up the context expires (rhbz#605366,
when the ticket which was used to set up the context expires (rhbz#605366,
upstream rhbz #6739)
upstream #6739)
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com>
* Mon Jun 21 2010 Nalin Dahyabhai <nalin@redhat.com>
- pull up fix for upstream rhbz #6745, in which the gssapi library would add the
- pull up fix for upstream #6745, in which the gssapi library would add the
wrong error table but subsequently attempt to unload the right one
wrong error table but subsequently attempt to unload the right one
* Thu Jun 10 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-1
* Thu Jun 10 2010 Nalin Dahyabhai <nalin@redhat.com> 1.8.2-1
@ -3520,7 +3407,7 @@ exit 0
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com>
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com>
- initial update to 1.6, pre-package-reorg
- initial update to 1.6, pre-package-reorg
- move workstation daemons to a new subpackage (rhbz #81836, rhbz#216356, rhbz#217301), and
- move workstation daemons to a new subpackage (#81836, rhbz#216356, rhbz#217301), and
make the new subpackage require xinetd (rhbz#211885)
make the new subpackage require xinetd (rhbz#211885)
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.5-18
* Mon Jan 22 2007 Nalin Dahyabhai <nalin@redhat.com> - 1.5-18
@ -3554,7 +3441,7 @@ exit 0
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-10
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-10
- rename krb5.sh and krb5.csh so that they don't overlap (rhbz#210623)
- rename krb5.sh and krb5.csh so that they don't overlap (rhbz#210623)
- way-late application of added error info in kadmind.init (rhbz #65853)
- way-late application of added error info in kadmind.init (#65853)
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-9.pal_18695
* Wed Oct 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-9.pal_18695
- add backport of in-development preauth module interface (rhbz#208643)
- add backport of in-development preauth module interface (rhbz#208643)
@ -3656,7 +3543,7 @@ exit 0
* Wed Aug 31 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-2
* Wed Aug 31 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-2
- change the default configured encryption type for KDC databases to the
- change the default configured encryption type for KDC databases to the
compiled-in default of des3-hmac-sha1 (rhbz #57847)
compiled-in default of des3-hmac-sha1 (#57847)
* Thu Aug 11 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
* Thu Aug 11 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
- update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and
- update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and
@ -4218,7 +4105,7 @@ exit 0
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
* Sat Jun 3 2000 Nalin Dahyabhai <nalin@redhat.com>
- use %%{_infodir} to better comply with FHS
- use %%{_infodir} to better comply with FHS
- move .so files to -devel subpackage
- move .so files to -devel subpackage
- tweak xinetd config files (bugs rhbz #11833, rhbz #11835, rhbz #11836, rhbz #11840)
- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
- fix package descriptions again
- fix package descriptions again
* Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
* Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
@ -4255,7 +4142,7 @@ exit 0
- fix configure stuff for ia64
- fix configure stuff for ia64
* Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
* Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
- add LDCOMBINE=-lc to configure invocation to use libc versioning (rhbz #10653)
- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653)
- change Requires: for/in subpackages to include %%{version}
- change Requires: for/in subpackages to include %%{version}
* Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
* Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
