File krb5-mini.changes of Package krb5.5972

-------------------------------------------------------------------
Tue Sep  5 12:16:01 UTC 2017 - hguo@suse.com

- Introduce patch 0109-Preserve-GSS-context-on-init-accept-failure.patch
  to fix CVE-2017-11462 of bsc#1056995.

-------------------------------------------------------------------
Thu Aug 17 13:04:21 UTC 2017 - hguo@suse.com

- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
  in order to improve client security in handling service principle
  names. (bsc#1054028)

-------------------------------------------------------------------
Mon Aug 15 13:38:21 UTC 2016 - hguo@suse.com

- Remove unneeded prerequisites from spec file. (bsc#992853)

-------------------------------------------------------------------
Sat Jul  2 20:51:17 UTC 2016 - foss@grueninger.de

- Fix build with doxygen 1.8.8 - adding krb5-1.12-doxygen.patch
  from rev128 of network/krb5 (bsc#982313#c2)

-------------------------------------------------------------------
Mon Jun 13 08:52:58 UTC 2016 - hguo@suse.com

- Remove source file ccapi/common/win/OldCC/autolock.hxx
  that is not needed and does not carry an acceptable license.
  (bsc#968111)

-------------------------------------------------------------------
Thu Feb 11 14:43:27 UTC 2016 - hguo@suse.com

- Upgrade from version 1.12.1 to 1.12.5.
  The new maintenance release brings accumulated defect fixes.
- The following patches are now present in the source bundle,
  thus removed from build individual patch files:
  * 0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch
  * 0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch
  * 0100-Fix-build_principal-memory-bug-CVE-2015-2697.patch
  * 0101-Fix-IAKERB-context-aliasing-bugs-CVE-2015-2696.patch
  * 0102-Fix-SPNEGO-context-aliasing-bugs-CVE-2015-2695.patch
  * 0103-Fix-IAKERB-context-export-import-CVE-2015-2698.patch
  * bnc#912002.diff
  * krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
  * krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  * krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch
  * krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch
  * krb5-1.12.2-CVE-2014-5353.patch
  * krb5-1.12.2-CVE-2014-5354.patch
  * krb5-master-keyring-kdcsync.patch
- Line numbers in the following patches are slightly adjusted to fit
  into this new source version:
  * krb5-1.6.3-ktutil-manpage.dif
  * krb5-1.7-doublelog.patch
- Remove krb5 pieces from spec file. Thus removing pre-checkin.sh
- Remove expired macros and other minor clean-ups in spec file.
- Change package description to explain what "mini" means.
- Apply the following patches to catch up with krb5-server:
  0104-Verify-decoded-kadmin-C-strings-CVE-2015-8629.patch
  0105-Fix-leaks-in-kadmin-server-stubs-CVE-2015-8631.patch
  0106-Check-for-null-kadm5-policy-name-CVE-2015-8630.patch
- Use system libverto to substitute built-in libverto.
  Implement fate#320326

-------------------------------------------------------------------
Mon Jul 13 06:54:00 UTC 2015 - varkoly@suse.com

- bnc#928978 - (CVE-2015-2694) VUL-0: CVE-2015-2694: krb5: issues
  in OTP and PKINIT kdcpreauth modules leading to requires_preauth bypass
patches:
0001-Prevent-requires_preauth-bypass-CVE-2015-2694.patch

-------------------------------------------------------------------
Wed Mar 11 18:13:01 UTC 2015 - varkoly@suse.com

- bnc#918595 VUL-0: CVE-2014-5355: krb5: denial of service in krb5_read_message
patches:
0001-Fix-krb5_read_message-handling-CVE-2014-5355.patch 

-------------------------------------------------------------------
Wed Mar 11 14:55:56 UTC 2015 - varkoly@suse.com

- bnc#910457: CVE-2014-5353: NULL pointer dereference when using a ticket policy name as password name
- bnc#910458: CVE-2014-5354: NULL pointer dereference when using keyless entries

patches:
krb5-1.12.2-CVE-2014-5353.patch
krb5-1.12.2-CVE-2014-5354.patch

-------------------------------------------------------------------
Wed Jan  7 12:36:45 UTC 2015 - varkoly@suse.com

- bnc#912002 VUL-0: CVE-2014-5352 CVE-2014-9421 CVE-2014-9422 CVE-2014-9423:
  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token 
- added patches:
  * bnc#912002.diff
-------------------------------------------------------------------
Thu Sep 25 12:48:32 UTC 2014 - ddiss@suse.com

- Work around replay cache creation race; (bnc#898439).
  krb5-1.13-work-around-replay-cache-creation-race.patch

-------------------------------------------------------------------
Tue Sep 23 12:27:55 UTC 2014 - varkoly@suse.com

- bnc#897874 CVE-2014-5351: krb5: current keys returned when randomizing the keys for a service principal 
- added patches:
  * bnc#897874-CVE-2014-5351.diff
-------------------------------------------------------------------
Fri Aug  8 15:55:01 UTC 2014 - ckornacker@suse.com

- buffer overrun in kadmind with LDAP backend
  CVE-2014-4345 (bnc#891082)
  krb5-1.12-CVE-2014-4345-buffer-overrun-in-kadmind-with-LDAP-backend.patch 

-------------------------------------------------------------------
Mon Jul 28 09:22:06 UTC 2014 - ckornacker@suse.com

- Fix double-free in SPNEGO [CVE-2014-4343] (bnc#888697)
  krb5-1.12-CVE-2014-4343-Fix-double-free-in-SPNEGO.patch
  Fix null deref in SPNEGO acceptor [CVE-2014-4344]
  krb5-1.12-CVE-2014-4344-Fix-null-deref-in-SPNEGO-acceptor.patch

-------------------------------------------------------------------
Thu Jul 10 15:59:52 UTC 2014 - ckornacker@suse.com

- denial of service flaws when handling RFC 1964 tokens (bnc#886016)
  krb5-1.12-CVE-2014-4341-CVE-2014-4342.patch
- start krb5kdc after slapd (bnc#886102)

-------------------------------------------------------------------
Fri Jun  6 11:08:08 UTC 2014 - ckornacker@suse.com

- obsolete krb5-plugin-preauth-pkinit-nss (bnc#881674)
  similar functionality is provided by krb5-plugin-preauth-pkinit

-------------------------------------------------------------------
Tue Feb 18 15:25:57 UTC 2014 - ckornacker@suse.com

- don't deliver SysV init files to systemd distributions

-------------------------------------------------------------------
Tue Jan 21 14:23:37 UTC 2014 - ckornacker@suse.com

- update to version 1.12.1
  * Make KDC log service principal names more consistently during
    some error conditions, instead of "<unknown server>"
  * Fix several bugs related to building AES-NI support on less
    common configurations
  * Fix several bugs related to keyring credential caches
- upstream obsoletes:
  krb5-1.12-copy_context.patch
  krb5-1.12-enable-NX.patch
  krb5-1.12-pic-aes-ni.patch
  krb5-master-no-malloc0.patch
  krb5-master-ignore-empty-unnecessary-final-token.patch
  krb5-master-gss_oid_leak.patch
  krb5-master-keytab_close.patch
  krb5-master-spnego_error_messages.patch
- Fix Get time offsets for all keyring ccaches
  krb5-master-keyring-kdcsync.patch (RT#7820)

-------------------------------------------------------------------
Mon Jan 13 15:37:16 UTC 2014 - ckornacker@suse.com

- update to version 1.12
  * Add GSSAPI extensions for constructing MIC tokens using IOV lists
  * Add a FAST OTP preauthentication module for the KDC which uses
    RADIUS to validate OTP token values.
  * The AES-based encryption types will use AES-NI instructions
    when possible for improved performance.
- revert dependency on libcom_err-mini-devel since it's not yet
  available
- update and rebase patches
  * krb5-1.10-buildconf.patch -> krb5-1.12-buildconf.patch
  * krb5-1.11-pam.patch -> krb5-1.12-pam.patch
  * krb5-1.11-selinux-label.patch -> krb5-1.12-selinux-label.patch
  * krb5-1.8-api.patch -> krb5-1.12-api.patch
  * krb5-1.9-ksu-path.patch -> krb5-1.12-ksu-path.patch
  * krb5-1.9-debuginfo.patch
  * krb5-1.9-kprop-mktemp.patch
  * krb5-kvno-230379.patch
- added upstream patches
  - Fix krb5_copy_context
    * krb5-1.12-copy_context.patch
  - Mark AESNI files as not needing executable stacks
    * krb5-1.12-enable-NX.patch
    * krb5-1.12-pic-aes-ni.patch
  - Fix memory leak in SPNEGO initiator
    * krb5-master-gss_oid_leak.patch
  - Fix SPNEGO one-hop interop against old IIS
    * krb5-master-ignore-empty-unnecessary-final-token.patch
  - Fix GSS krb5 acceptor acquire_cred error handling 
    * krb5-master-keytab_close.patch
  - Avoid malloc(0) in SPNEGO get_input_token
    * krb5-master-no-malloc0.patch
  - Test SPNEGO error message in t_s4u.py
    * krb5-master-spnego_error_messages.patch

-------------------------------------------------------------------
Tue Dec 10 02:43:32 UTC 2013 - nfbrown@suse.com

- Reduce build dependencies for krb5-mini by removing
  doxygen and changing libcom_err-devel to
  libcom_err-mini-devel
- Small fix to pre_checkin.sh so krb5-mini.spec is correct.

-------------------------------------------------------------------
Fri Nov 15 13:33:53 UTC 2013 - ckornacker@suse.com

- update to version 1.11.4
  - Fix a KDC null pointer dereference [CVE-2013-1417] that could
    affect realms with an uncommon configuration.
  - Fix a KDC null pointer dereference [CVE-2013-1418] that could
    affect KDCs that serve multiple realms.
  - Fix a number of bugs related to KDC master key rollover.

-------------------------------------------------------------------
Mon Jun 24 16:21:07 UTC 2013 - mc@suse.com

- install and enable systemd service files also in -mini package

-------------------------------------------------------------------
Fri Jun 21 02:12:03 UTC 2013 - crrodriguez@opensuse.org

- remove fstack-protector-all from CFLAGS, just use the 
  lighter/fast version already present in %optflags

- Use LFS_CFLAGS to build in 32 bit archs.

-------------------------------------------------------------------
Sun Jun  9 14:14:48 UTC 2013 - mc@suse.com

- update to version 1.11.3
  - Fix a UDP ping-pong vulnerability in the kpasswd
    (password changing) service. [CVE-2002-2443]
  - Improve interoperability with some Windows native PKINIT clients.
- install translation files
- remove outdated configure options

-------------------------------------------------------------------
Tue May 28 17:08:01 UTC 2013 - mc@suse.com

- cleanup systemd files (remove syslog.target)

-------------------------------------------------------------------
Fri May  3 09:43:47 CEST 2013 - mc@suse.de

- let krb5-mini conflict with all main packages

-------------------------------------------------------------------
Thu May  2 16:43:16 CEST 2013 - mc@suse.de

- add conflicts between krb5-mini and krb5-server

-------------------------------------------------------------------
Sun Apr 28 17:14:36 CEST 2013 - mc@suse.de

- update to version 1.11.2
  * Incremental propagation could erroneously act as if a slave's
    database were current after the slave received a full dump
    that failed to load.
  * gss_import_sec_context incorrectly set internal state that
    identifies whether an imported context is from an interposer
    mechanism or from the underlying mechanism. 
- upstream fix obsolete krb5-lookup_etypes-leak.patch

-------------------------------------------------------------------
Thu Apr  4 15:10:19 CEST 2013 - mc@suse.de

- add conflicts between krb5-mini-devel and krb5-devel

-------------------------------------------------------------------
Tue Apr  2 17:32:08 CEST 2013 - mc@suse.de

- add conflicts between krb5-mini and krb5 and krb5-client

-------------------------------------------------------------------
Wed Mar 27 11:36:00 CET 2013 - mc@suse.de

- enable selinux and set openssl as crypto implementation

-------------------------------------------------------------------
Fri Mar 22 10:34:55 CET 2013 - mc@suse.de

- fix path to executables in service files
  (bnc#810926)

-------------------------------------------------------------------
Fri Mar 15 11:14:21 CET 2013 - mc@suse.de

- update to version 1.11.1
  * Improve ASN.1 support code, making it table-driven for
    decoding as well as encoding
  * Refactor parts of KDC
  * Documentation consolidation
  * build docs in the main package
  * bugfixing
- changes of patches:
  * bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif:
    upstream
  * bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif:
    upstream
  * krb5-1.10-gcc47.patch: upstream
  * krb5-1.10-selinux-label.patch replaced by
    krb5-1.11-selinux-label.patch
  * krb5-1.10-spin-loop.patch: upstream
  * krb5-1.3.5-perlfix.dif: the tool was removed from upstream
  * krb5-1.8-pam.patch replaced by
    krb5-1.11-pam.patch

-------------------------------------------------------------------
Wed Mar  6 12:01:32 CET 2013 - mc@suse.de

- fix PKINIT null pointer deref in pkinit_check_kdc_pkid()
  CVE-2012-1016 (bnc#807556)
  bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif

-------------------------------------------------------------------
Mon Mar  4 11:23:10 CET 2013 - mc@suse.de

- fix PKINIT null pointer deref
  CVE-2013-1415 (bnc#806715)
  bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif

-------------------------------------------------------------------
Fri Jan 25 15:29:37 CET 2013 - mc@suse.de

- package missing file (bnc#794784)

-------------------------------------------------------------------
Tue Jan 22 13:55:52 UTC 2013 - lchiquitto@suse.com

- krb5-1.10-spin-loop.patch: fix spin-loop bug in k5_sendto_kdc
  (bnc#793336)

-------------------------------------------------------------------
Tue Oct 16 19:35:47 UTC 2012 - coolo@suse.com

- revert the -p usage in %postun to fix SLE build

-------------------------------------------------------------------
Tue Oct 16 12:05:00 UTC 2012 - coolo@suse.com

- buildrequire systemd by pkgconfig provide to get systemd-mini

-------------------------------------------------------------------
Sat Oct 13 16:50:59 UTC 2012 - coolo@suse.com

- do not require systemd in krb5-mini

-------------------------------------------------------------------
Fri Oct  5 15:50:38 CEST 2012 - mc@suse.de

- add systemd service files for kadmind, krb5kdc and kpropd
- add sysconfig templates for kadmind and krb5kdc

-------------------------------------------------------------------
Wed Jun 13 08:40:56 UTC 2012 - coolo@suse.com

- fix %files section for krb5-mini

-------------------------------------------------------------------
Thu Jun  7 11:39:18 UTC 2012 - mc@suse.de

- fix gcc47 issues

-------------------------------------------------------------------
Wed Jun  6 16:25:41 CEST 2012 - mc@suse.de

- update to version 1.10.2
  obsolte patches:
  * krb5-1.7-nodeplibs.patch
  * krb5-1.9.1-ai_addrconfig.patch
  * krb5-1.9.1-ai_addrconfig2.patch
  * krb5-1.9.1-sendto_poll.patch
  * krb5-1.9-canonicalize-fallback.patch
  * krb5-1.9-paren.patch
  * krb5-klist_s.patch
  * krb5-pkinit-cms2.patch
  * krb5-trunk-chpw-err.patch
  * krb5-trunk-gss_delete_sec.patch
  * krb5-trunk-kadmin-oldproto.patch
  * krb5-1.9-MITKRB5-SA-2011-006.dif
  * krb5-1.9-gss_display_status-iakerb.patch
  * krb5-1.9.1-sendto_poll2.patch
  * krb5-1.9.1-sendto_poll3.patch
  * krb5-1.9-MITKRB5-SA-2011-007.dif
- Fix an interop issue with Windows Server 2008 R2 Read-Only Domain
  Controllers.
- Update a workaround for a glibc bug that would cause DNS PTR queries
  to occur even when rdns = false.
- Fix a kadmind denial of service issue (null pointer dereference),
  which could only be triggered by an administrator with the "create"
  privilege.  [CVE-2012-1013]
- Fix access controls for KDB string attributes [CVE-2012-1012]
- Make the ASN.1 encoding of key version numbers interoperate with
  Windows Read-Only Domain Controllers
- Avoid generating spurious password expiry warnings in cases where
  the KDC sends an account expiry time without a password expiry time
- Make PKINIT work with FAST in the client library.
- Add the DIR credential cache type, which can hold a collection of
  credential caches.
- Enhance kinit, klist, and kdestroy to support credential cache
  collections if the cache type supports it.
- Add the kswitch command, which changes the selected default cache
  within a collection.
- Add heuristic support for choosing client credentials based on
  the service realm.
- Add support for $HOME/.k5identity, which allows credential
  choice based on configured rules.

-------------------------------------------------------------------
Sun Feb 26 22:23:15 UTC 2012 - stefan.bruens@rwth-aachen.de

- add autoconf macro to devel subpackage

-------------------------------------------------------------------
Tue Jan 31 15:33:05 CET 2012 - meissner@suse.de

- fix license in krb5-mini

-------------------------------------------------------------------
Tue Dec 20 20:57:26 UTC 2011 - coolo@suse.com

- add autoconf as buildrequire to avoid implicit dependency

-------------------------------------------------------------------
Tue Dec 20 11:01:39 UTC 2011 - coolo@suse.com

- remove call to suse_update_config, very old work around

-------------------------------------------------------------------
Mon Nov 21 11:24:12 CET 2011 - mc@suse.de

- fix KDC null pointer dereference in TGS handling
  (MITKRB5-SA-2011-007, bnc#730393)
  CVE-2011-1530

-------------------------------------------------------------------
Mon Nov 21 11:11:54 CET 2011 - mc@suse.de

- fix KDC HA feature introduced with implementing KDC poll
  (RT#6951, bnc#731648)

-------------------------------------------------------------------
Fri Nov 18 08:35:52 UTC 2011 - rhafer@suse.de

- fix minor error messages for the IAKERB GSSAPI mechanism
  (see: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7020)

-------------------------------------------------------------------
Mon Oct 17 16:11:03 CEST 2011 - mc@suse.de

- fix kdc remote denial of service
  (MITKRB5-SA-2011-006, bnc#719393)
  CVE-2011-1527, CVE-2011-1528, CVE-2011-1529

-------------------------------------------------------------------
Tue Aug 23 13:52:03 CEST 2011 - mc@suse.de

- use --without-pam to build krb5-mini

-------------------------------------------------------------------
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com

- add patches from Fedora and upstream 
- fix init scripts (bnc#689006)

-------------------------------------------------------------------
Fri Aug 19 15:48:35 UTC 2011 - mc@novell.com

- update to version 1.9.1
  * obsolete patches:
    MITKRB5-SA-2010-007-1.8.dif
    krb5-1.8-MITKRB5-SA-2010-006.dif
    krb5-1.8-MITKRB5-SA-2011-001.dif
    krb5-1.8-MITKRB5-SA-2011-002.dif
    krb5-1.8-MITKRB5-SA-2011-003.dif
    krb5-1.8-MITKRB5-SA-2011-004.dif
    krb5-1.4.3-enospc.dif
  * replace krb5-1.6.1-compile_pie.dif
-------------------------------------------------------------------
Thu Apr 14 11:33:18 CEST 2011 - mc@suse.de

- fix kadmind invalid pointer free()
  (MITKRB5-SA-2011-004, bnc#687469)
  CVE-2011-0285

-------------------------------------------------------------------
Tue Mar  1 12:43:22 CET 2011 - mc@suse.de

- Fix vulnerability to a double-free condition in KDC daemon
  (MITKRB5-SA-2011-003, bnc#671717)
  CVE-2011-0284

-------------------------------------------------------------------
Wed Jan 19 14:42:27 CET 2011 - mc@suse.de

- Fix kpropd denial of service
  (MITKRB5-SA-2011-001, bnc#662665)
  CVE-2010-4022
- Fix KDC denial of service attacks with LDAP back end
  (MITKRB5-SA-2011-002, bnc#663619)
  CVE-2011-0281, CVE-2011-0282 

-------------------------------------------------------------------
Wed Dec  1 11:44:15 CET 2010 - mc@suse.de

- Fix multiple checksum handling vulnerabilities 
  (MITKRB5-SA-2010-007, bnc#650650)
  CVE-2010-1324
  * krb5 GSS-API applications may accept unkeyed checksums
  * krb5 application services may accept unkeyed PAC checksums
  * krb5 KDC may accept low-entropy KrbFastArmoredReq checksums
  CVE-2010-1323
  * krb5 clients may accept unkeyed SAM-2 challenge checksums
  * krb5 may accept KRB-SAFE checksums with low-entropy derived keys
  CVE-2010-4020
  * krb5 may accept authdata checksums with low-entropy derived keys
  CVE-2010-4021
  * krb5 KDC may issue unrequested tickets due to KrbFastReq forgery 

-------------------------------------------------------------------
Thu Oct 28 12:53:13 CEST 2010 - mc@suse.de

- fix csh profile (bnc#649856) 

-------------------------------------------------------------------
Fri Oct 22 11:15:43 CEST 2010 - mc@suse.de

- update to krb5-1.8.3
  * remove patches which are now upstrem
    - krb5-1.7-MITKRB5-SA-2010-004.dif 
    - krb5-1.8.1-gssapi-error-table.dif 
    - krb5-MITKRB5-SA-2010-005.dif 

-------------------------------------------------------------------
Fri Oct 22 10:49:11 CEST 2010 - mc@suse.de

- change environment variable PATH directly for csh
  (bnc#642080)

-------------------------------------------------------------------
Mon Sep 27 11:42:43 CEST 2010 - mc@suse.de

- fix a dereference of an uninitialized pointer while processing
  authorization data. 
  CVE-2010-1322, MITKRB5-SA-2010-006 (bnc#640990)

-------------------------------------------------------------------
Mon Jun 21 21:31:53 UTC 2010 - lchiquitto@novell.com

- add correct error table when initializing gss-krb5 (bnc#606584,
  bnc#608295)

-------------------------------------------------------------------
Wed May 19 14:27:19 CEST 2010 - mc@suse.de

- fix GSS-API library null pointer dereference
  CVE-2010-1321, MITKRB5-SA-2010-005 (bnc#596826) 

-------------------------------------------------------------------
Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de

- fix a double free vulnerability in the KDC 
  CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002)

-------------------------------------------------------------------
Fri Apr  9 12:43:44 CEST 2010 - mc@suse.de

- update to version 1.8.1
  * include krb5-1.8-POST.dif
  * include MITKRB5-SA-2010-002 

-------------------------------------------------------------------
Tue Apr  6 14:14:56 CEST 2010 - mc@suse.de

- update krb5-1.8-POST.dif 

-------------------------------------------------------------------
Tue Mar 23 14:32:41 CET 2010 - mc@suse.de

- fix a bug where an unauthenticated remote attacker could cause
  a GSS-API application including the Kerberos administration
  daemon (kadmind) to crash.
  CVE-2010-0628, MITKRB5-SA-2010-002 (bnc#582557) 

-------------------------------------------------------------------
Tue Mar 23 12:33:26 CET 2010 - mc@suse.de

- add post 1.8 fixes
  * Add IPv6 support to changepw.c
  * fix two problems in kadm5_get_principal mask handling 
  * Ignore improperly encoded signedpath AD elements
  * handle NT_SRV_INST in service principal referrals
  * dereference options while checking 
    KRB5_GET_INIT_CREDS_OPT_CHG_PWD_PRMPT
  * Fix the kpasswd fallback from the ccache principal name
  * Document the ticket_lifetime libdefaults setting
  * Change KRB5_AUTHDATA_SIGNTICKET from 142 to 512

-------------------------------------------------------------------
Thu Mar  4 10:42:29 CET 2010 - mc@suse.de

- update to version 1.8
  * Increase code quality 
  * Move toward improved KDB interface
  * Investigate and remedy repeatedly-reported performance 
    bottlenecks.
  * Reduce DNS dependence by implementing an interface that allows
    client library to track whether a KDC supports service 
    principal referrals.
  * Disable DES by default 
  * Account lockout for repeated login failures
  * Bridge layer to allow Heimdal HDB modules to act as KDB 
    backend modules
  * FAST enhancements
  * Microsoft Services for User (S4U) compatibility
  * Anonymous PKINIT
- fix KDC denial of service
  CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing
  CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption
  CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
 
-------------------------------------------------------------------
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de

- add baselibs.conf as a source

-------------------------------------------------------------------
Fri Nov 13 16:51:37 CET 2009 - mc@suse.de

- enhance '$PATH' only if the directories are available
  and not empty (bnc#544949)

-------------------------------------------------------------------
Sun Jul 12 21:36:17 CEST 2009 - coolo@novell.com

- readd lost baselibs.conf

-------------------------------------------------------------------
Wed Jun  3 10:23:42 CEST 2009 - mc@suse.de

- update to final 1.7 release 

-------------------------------------------------------------------
Wed May 13 11:30:42 CEST 2009 - mc@suse.de

- update to version 1.7 Beta2 
  * Incremental propagation support for the KDC database.
  * Flexible Authentication Secure Tunneling (FAST), a preauthentiation
    framework that can protect the AS exchange from dictionary attack.
  * Implement client and KDC support for GSS_C_DELEG_POLICY_FLAG, which
    allows a GSS application to request credential delegation only if
    permitted by KDC policy.
  * Fix CVE-2009-0844, CVE-2009-0845, CVE-2009-0846, CVE-2009-0847 --
    various vulnerabilities in SPNEGO and ASN.1 code.

-------------------------------------------------------------------
Mon Feb 16 13:04:26 CET 2009 - mc@suse.de

- update to pre 1.7 version 
  * Remove support for version 4 of the Kerberos protocol (krb4).
  * New libdefaults configuration variable "allow_weak_crypto".
  * Client library now follows client principal referrals, for
    compatibility with Windows.
  * KDC can issue realm referrals for service principals based on domain
    names.
  * Encryption algorithm negotiation (RFC 4537).
  * In the replay cache, use a hash over the complete ciphertext to
    avoid false-positive replay indications.
  * Microsoft GSS_WrapEX, implemented using the gss_iov API, which is
    similar to the equivalent SSPI functionality.
  * DCE RPC, including three-leg GSS context setup and unencapsulated
    GSS tokens.
  * NTLM recognition support in GSS-API, to facilitate dropping in an
    NTLM implementation.
  * KDC support for principal aliases, if the back end supports them.
  * Microsoft set/change password (RFC 3244) protocol in kadmind.
  * Master key rollover support.

-------------------------------------------------------------------
Wed Jan 14 09:21:36 CET 2009 - olh@suse.de

- obsolete also old heimdal-lib-XXbit and heimdal-devel-XXbit

-------------------------------------------------------------------
Thu Dec 11 14:12:57 CET 2008 - mc@suse.de

- do not query IPv6 addresses if no IPv6 address exists on this host
  [bnc#449143] 

-------------------------------------------------------------------
Wed Dec 10 12:34:56 CET 2008 - olh@suse.de

- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade
  (bnc#437293)

-------------------------------------------------------------------
Thu Oct 30 12:34:56 CET 2008 - olh@suse.de

- obsolete old -XXbit packages (bnc#437293)

-------------------------------------------------------------------
Fri Sep 26 18:13:19 CEST 2008 - mc@suse.de

- in case we use ldap as database backend, ldap should be
  started before krb5kdc 

-------------------------------------------------------------------
Mon Jul 28 10:43:29 CEST 2008 - mc@suse.de

- add new fixes to post 1.6.3 patch
  * fix mem leak in krb5_gss_accept_sec_context()
  * keep minor_status
  * kadm5_decrypt_key: A ktype of -1 is documented as meaning 
    "to be ignored" 
  * Reject socket fds > FD_SETSIZE

-------------------------------------------------------------------
Fri Jul 25 12:13:24 CEST 2008 - mc@suse.de

- add patches from SVN post 1.6.3
  * krb5_string_to_keysalts: Fix an infinite loop
  * fix some mutex issues
  * better recovery from corrupt rcache files
  * some more small fixes

-------------------------------------------------------------------
Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de

- add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings 

-------------------------------------------------------------------
Wed May 14 17:44:59 CEST 2008 - mc@suse.de

- Fall back to TCP on kdc-unresolvable/unreachable errors.
- restore valid sequence number before generating requests
  (fix changing passwords in mixed ipv4/ipv6 enviroments) 

-------------------------------------------------------------------
Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de

- added baselibs.conf file to build xxbit packages
  for multilib support

-------------------------------------------------------------------
Wed Apr  9 12:04:48 CEST 2008 - mc@suse.de

- modify krb5-config to not output rpath and cflags in --libs 
  (bnc#378270)

-------------------------------------------------------------------
Fri Mar 14 11:27:55 CET 2008 - mc@suse.de

- fix two security bugs:
  * MITKRB5-SA-2008-001(CVE-2008-0062, CVE-2008-0063)
    fix double free [bnc#361373]
  * MITKRB5-SA-2008-002(CVE-2008-0947, CVE-2008-0948)
    Memory corruption while too many open file descriptors
    [bnc#363151]
- change default config file. Comment out the examples. 

-------------------------------------------------------------------
Fri Dec 14 10:48:52 CET 2007 - mc@suse.de

- fix several security bugs:
  * CVE-2007-5894 apparent uninit length
  * CVE-2007-5902 integer overflow
  * CVE-2007-5971 free of non-heap pointer and double-free
  * CVE-2007-5972 double fclose()
  [#346745, #346748, #346746, #346749, #346747]

-------------------------------------------------------------------
Tue Dec  4 16:36:07 CET 2007 - mc@suse.de

- improve GSSAPI error messages 

-------------------------------------------------------------------
Tue Nov  6 13:53:17 CET 2007 - mc@suse.de

- add coreutils to PreReq 

-------------------------------------------------------------------
Tue Oct 23 10:24:25 CEST 2007 - mc@suse.de

- update to krb5 version 1.6.3
  * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
  * fix CVE-2007-4000 modify_policy vulnerability
  * Add PKINIT support
- remove patches which are upstream now
- enhance init scripts and xinetd profiles

-------------------------------------------------------------------
Fri Sep 14 12:08:55 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * If a KDC returns KDC_ERR_SVC_UNAVAILABLE, it appears that 
    that the client library will not failover to the next KDC. 
    [#310540]

-------------------------------------------------------------------
Tue Sep 11 15:09:14 CEST 2007 - mc@suse.de

- update krb5-1.6.2-post.dif
  * new -S sname option for kvno
  * read_entropy_from_device on partial read will not fill buffer
  * Bail out if encoded "ticket" doesn't decode correctly.
  * patch for referrals loop 

-------------------------------------------------------------------
Thu Sep  6 10:43:39 CEST 2007 - mc@suse.de

- fix a problem with the originally published patch
  for MITKRB5-SA-2007-006 - CVE-2007-3999
  [#302377]

-------------------------------------------------------------------
Wed Sep  5 12:18:21 CEST 2007 - mc@suse.de

- fix execute arbitrary code
  (MITKRB5-SA-2007-006 - CVE-2007-3999,2007-4000)
  [#302377]

-------------------------------------------------------------------
Tue Aug  7 11:56:41 CEST 2007 - mc@suse.de

- add krb5-1.6.2-post.dif
  * during the referrals loop, check to see if the
    session key enctype of a returned credential for the final 
    service is among the enctypes explicitly selected by the 
    application, and retry with old_use_conf_ktypes if it is not. 
  * If mkstemp() is available, the new ccache file gets created but 
    the subsequent open(O_CREAT|O_EXCL) call fails because the file
    was already created by mkstemp(). Apply patch from Apple to keep
    the file descriptor open.

-------------------------------------------------------------------
Thu Jul 12 17:01:28 CEST 2007 - mc@suse.de

- update to version 1.6.2
- remove krb5-1.6.1-post.dif all fixes are included in this release 

-------------------------------------------------------------------
Thu Jul  5 18:10:28 CEST 2007 - mc@suse.de

- change requires to libcom_err-devel

-------------------------------------------------------------------
Mon Jul  2 11:26:47 CEST 2007 - mc@suse.de

- update krb5-1.6.1-post.dif
  * fix leak in krb5_walk_realm_tree
  * rd_req_decoded needs to deal with referral realms 
  * fix buffer overflow in kadmind
    (MITKRB5-SA-2007-005 - CVE-2007-2798)
    [#278689]
  * fix kadmind code execution bug
    (MITKRB5-SA-2007-004 - CVE-2007-2442 - CVE-2007-2443)
    [#271191]

-------------------------------------------------------------------
Thu Jun 14 17:44:12 CEST 2007 - mc@suse.de

- fix unstripped-binary-or-object rpmlint warning 

-------------------------------------------------------------------
Mon Jun 11 18:04:23 CEST 2007 - sschober@suse.de

- fixing rpmlint warnings and errors:
  * merged logrotate scripts kadmin and krb5kdc into a single file
    krb5-server. 
  * moved heimdal2mit-DumpConvert.pl and simple_convert_krb5conf.pl
    from /usr/share/doc/packages/krb5 to /usr/lib/mit/helper.
    adapted krb5.spec and README.ConvertHeimdalMIT accordingly.
  * added surpression filter for
    "devel-file-in-non-devel-package /usr/lib/libgssapi_krb5.so"
    (see [#147912]).
  * set default runlevel of init scripts in chkconfig line to 3 and
    5

-------------------------------------------------------------------
Wed May  9 15:30:53 CEST 2007 - mc@suse.de

- fix uninitialized salt length 
- add extra check for keytab file

-------------------------------------------------------------------
Thu May  3 12:11:29 CEST 2007 - mc@suse.de

- adding krb5-1.6.1-post.dif
  * fix segfault in krb5_get_init_creds_password 
  * remove debug output in ftp client
  * profile stores empty string values without double quotes

-------------------------------------------------------------------
Mon Apr 23 11:15:10 CEST 2007 - mc@suse.de

- update to final 1.6.1 version  

-------------------------------------------------------------------
Wed Apr 18 14:48:03 CEST 2007 - mc@suse.de

- add plugin directories to main package 

-------------------------------------------------------------------
Mon Apr 16 14:38:08 CEST 2007 - mc@suse.de

- update to version 1.6.1 Beta1
- remove obsolete patches 
  (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
- rework compile_pie patch

-------------------------------------------------------------------
Wed Apr 11 10:58:09 CEST 2007 - mc@suse.de

- update krb5-1.6-post.dif
   * fix kadmind stack overflow in krb5_klog_syslog
     (MITKRB5-SA-2007-002 - CVE-2007-0957)
     [#253548]
   * fix double free attack in the RPC library
     (MITKRB5-SA-2007-003 - CVE-2007-1216)
     [#252487]
   * fix krb5 telnetd login injection
     (MIT-SA-2007-001 - CVE-2007-0956)
     #247765

-------------------------------------------------------------------
Thu Mar 29 12:41:57 CEST 2007 - mc@suse.de

- add ncurses-devel and bison to BuildRequires
- rework some patches

-------------------------------------------------------------------
Mon Mar  5 11:01:20 CET 2007 - mc@suse.de

- move SuSEFirewall service definitions to 
  /etc/sysconfig/SuSEfirewall2.d/services 

-------------------------------------------------------------------
Thu Feb 22 11:13:48 CET 2007 - mc@suse.de

- add firewall definition to krb5-server, FATE #300687

-------------------------------------------------------------------
Mon Feb 19 13:59:43 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif
- move some applications into the right package 

-------------------------------------------------------------------
Fri Feb  9 13:31:22 CET 2007 - mc@suse.de

- update krb5-1.6-post.dif 

-------------------------------------------------------------------
Mon Jan 29 11:27:23 CET 2007 - mc@suse.de

- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
  are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve

-------------------------------------------------------------------
Tue Jan 23 17:21:12 CET 2007 - mc@suse.de

- fix "local variable used before set" in ftp.c
  [#237684]

-------------------------------------------------------------------
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de

- krb5-devel should require keyutils-devel 

-------------------------------------------------------------------
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de

- update to version 1.6
  * Major changes in 1.6 include 
    * Partial client implementation to handle server name referrals. 
    * Pre-authentication plug-in framework, donated by Red Hat. 
    * LDAP KDB plug-in, donated by Novell. 
- remove obsolete patches

-------------------------------------------------------------------
Wed Jan 10 11:16:30 CET 2007 - mc@suse.de

- fix for
    kadmind (via RPC library) calls uninitialized function pointer
    (CVE-2006-6143)(Bug #225990)
    krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
- fix for
    kadmind (via GSS-API mechglue) frees uninitialized pointers
    (CVE-2006-6144)(Bug #225992)
    krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif

-------------------------------------------------------------------
Tue Jan  2 14:53:33 CET 2007 - mc@suse.de

- Fix Requires in krb5-devel 
  [Bug #231008]

-------------------------------------------------------------------
Mon Nov  6 11:49:39 CET 2006 - mc@suse.de

- fix "local variable used before set" [#217692]
- fix strncat warning 

-------------------------------------------------------------------
Fri Oct 27 17:34:30 CEST 2006 - mc@suse.de

- add a default kadm5.dict file
- require $network on daemon start

-------------------------------------------------------------------
Wed Sep 13 10:39:41 CEST 2006 - mc@suse.de

- fix function call with too few arguments [#203837] 

-------------------------------------------------------------------
Thu Aug 24 12:52:25 CEST 2006 - mc@suse.de

- update to version 1.5.1
- remove obsolete patches which are now included upstream
  * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  * trunk-fix-uninitialized-vars.dif 

-------------------------------------------------------------------
Fri Aug 11 14:29:27 CEST 2006 - mc@suse.de

- krb5 setuid return check fixes
  krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
  [#182351]

-------------------------------------------------------------------
Mon Aug  7 15:54:26 CEST 2006 - mc@suse.de

- remove update-messages 

-------------------------------------------------------------------
Mon Jul 24 15:45:14 CEST 2006 - mc@suse.de

- add check for krb5_prop in services to kpropd init script.
  [#192446]

-------------------------------------------------------------------
Mon Jul  3 14:59:35 CEST 2006 - mc@suse.de

- update to version 1.5
  * KDB abstraction layer, donated by Novell. 
  * plug-in architecture, allowing for extension modules to be 
    loaded at run-time. 
  * multi-mechanism GSS-API implementation ("mechglue"), 
    donated by Sun Microsystems 
  * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") 
    implementation, donated by Sun Microsystems 
- remove obsolete patches and add some new

-------------------------------------------------------------------
Fri May 26 14:50:00 CEST 2006 - ro@suse.de

- libcom is not in e2fsck-devel but in its own package now, change
  Requires accordingly.

-------------------------------------------------------------------
Mon Mar 27 14:10:02 CEST 2006 - mc@suse.de

- add all daemons to %stop_on_removal and %restart_on_update
- add reload to kpropd init script
- add force-reload to all init scripts 

-------------------------------------------------------------------
Mon Mar 13 18:20:36 CET 2006 - mc@suse.de

- add libgssapi_krb5.so link to main package [#147912] 

-------------------------------------------------------------------
Fri Feb  3 18:17:01 CET 2006 - mc@suse.de

- fix logging section for kadmind in convert script 

-------------------------------------------------------------------
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de

- converted neededforbuild to BuildRequires

-------------------------------------------------------------------
Fri Jan 13 14:44:24 CET 2006 - mc@suse.de

- change the logging defaults 

-------------------------------------------------------------------
Wed Jan 11 12:59:08 CET 2006 - mc@suse.de

- add tools and README for heimdal => MIT update 

-------------------------------------------------------------------
Mon Jan  9 14:41:07 CET 2006 - mc@suse.de

- fix build problems, define _GNU_SOURCE
  (krb5-1.4.3-set_gnu_source.dif )

-------------------------------------------------------------------
Tue Jan  3 16:00:13 CET 2006 - mc@suse.de

- added "make %{?jobs:-j%jobs}" 

-------------------------------------------------------------------
Fri Nov 18 12:12:01 CET 2005 - mc@suse.de

- update to version 1.4.3
  * some memmory leaks fixed
  * fix for "AS_REP padata has wrong enctype"
  * fix for "AS_REP padata missing PA-ETYPE-INFO"
  * ... and more 

-------------------------------------------------------------------
Wed Nov  2 21:23:32 CET 2005 - dmueller@suse.de

- don't build as root 

-------------------------------------------------------------------
Tue Oct 11 17:39:23 CEST 2005 - mc@suse.de

- update to version 1.4.2
- remove some obsolet patches 

-------------------------------------------------------------------
Mon Aug  8 16:07:51 CEST 2005 - mc@suse.de

- build with --disable-static 

-------------------------------------------------------------------
Thu Aug  4 16:47:43 CEST 2005 - ro@suse.de

- remove devel-static subpackage 

-------------------------------------------------------------------
Thu Jun 30 10:12:30 CEST 2005 - mc@suse.de

- better patch for princ_comp problem 

-------------------------------------------------------------------
Mon Jun 27 13:34:50 CEST 2005 - mc@suse.de

- update to version 1.4.1
- remove obsolet patches
  - krb5-1.4-gcc4.dif
  - krb5-1.4-reduce-namespace-polution.dif
  - krb5-1.4-VUL-0-telnet.dif

-------------------------------------------------------------------
Thu Jun 23 10:12:54 CEST 2005 - mc@suse.de

- fixed krb5 KDC heap corruption by random free
  [#80574, CAN-2005-1174, MITKRB5-SA-2005-002]
- fixed krb5 double free()
  [#86768, CAN-2005-1689, MITKRB5-SA-2005-003]
- fix krb5 NULL pointer reference while comparing principals
  [#91600] 

-------------------------------------------------------------------
Fri Jun 17 17:18:19 CEST 2005 - mc@suse.de

- fix uninitialized variables 
- compile with -fPIE/ link with -pie

-------------------------------------------------------------------
Wed Apr 20 15:36:16 CEST 2005 - mc@suse.de

- fixed wrong xinetd files [#77149] 

-------------------------------------------------------------------
Fri Apr  8 04:55:55 CEST 2005 - mt@suse.de

- removed krb5-1.4-fix-error_tables.dif patch obsoleted
  by libcom_err locking patches

-------------------------------------------------------------------
Thu Apr  7 13:49:37 CEST 2005 - mc@suse.de

- fixed missing descriptions in init files 
  [#76164, #76165, #76166, #76169]  

-------------------------------------------------------------------
Wed Mar 30 18:11:38 CEST 2005 - mc@suse.de

- enhance $PATH via /etc/profile.d/ [#74018]
- remove the "links to important programs" 

-------------------------------------------------------------------
Fri Mar 18 11:09:43 CET 2005 - mc@suse.de

- fixed not running converter script [#72854] 

-------------------------------------------------------------------
Thu Mar 17 14:15:17 CET 2005 - mc@suse.de

- Fix CAN-2005-0469: Multiple Telnet Client slc_add_reply() Buffer 
                     Overflow
- Fix CAN-2005-0468: Multiple Telnet Client env_opt_add() Buffer 
                     Overflow
  [#73618]

-------------------------------------------------------------------
Wed Mar 16 13:10:18 CET 2005 - mc@suse.de

- fixed wrong PreReqs [#73020]

-------------------------------------------------------------------
Tue Mar 15 19:54:58 CET 2005 - mc@suse.de

- add a simple krb5.conf converter [#72854]

-------------------------------------------------------------------
Mon Mar 14 17:08:59 CET 2005 - mc@suse.de

- fixed: rckrb5kdc restart gives wrong status with non-running service
  [#72446] 

-------------------------------------------------------------------
Thu Mar 10 10:48:07 CET 2005 - mc@suse.de

- add requires: e2fsprogs-devel to krb5-devel package [#71732] 

-------------------------------------------------------------------
Fri Feb 25 17:35:37 CET 2005 - mc@suse.de

- fix double free [#66534]
  krb5-1.4-fix-error_tables.dif 

-------------------------------------------------------------------
Fri Feb 11 14:01:32 CET 2005 - mc@suse.de

- change mode for shared libraries to 755 

-------------------------------------------------------------------
Fri Feb  4 16:48:16 CET 2005 - mc@suse.de

- remove spx.c from tarball because of legal risk
- add README.Source which tell the user about this 
  action.
- add a check for spx.c in the spec-file
- use rich-text for update-messages [#50250] 

-------------------------------------------------------------------
Tue Feb  1 12:13:45 CET 2005 - mc@suse.de

- add krb5-1.4-reduce-namespace-polution.dif
  reduce namespace polution in gssapi.h [#50356] 

-------------------------------------------------------------------
Fri Jan 28 13:25:42 CET 2005 - mc@suse.de

- update to version 1.4
- Add implementation of the RPCSEC_GSS authentication flavor to the
  RPC library.
- Thread safety for krb5 libraries.
- Merged Athena telnetd changes for creating a new option for
  requiring encryption.
- The kadmind4 backwards-compatibility admin server and the v5passwdd
  backwards-compatibility password-changing server have been removed.
- Yarrow code now uses AES.
- Merged Athena changes to allow ftpd to require encrypted passwords.
- Incorporate gss_krb5_set_allowable_enctypes() and
  gss_krb5_export_lucid_sec_context(), which are needed for NFSv4.
- remove obsolet patches

-------------------------------------------------------------------
Mon Jan 17 11:34:52 CET 2005 - mc@suse.de

- add proofreaded update-messages 

-------------------------------------------------------------------
Fri Jan 14 14:38:25 CET 2005 - mc@suse.de

- remove Conflicts: and add Provides: 
- add some insserv stuff 

-------------------------------------------------------------------
Thu Jan 13 11:54:01 CET 2005 - mc@suse.de

- move vendor files to vendor-files.tar.bz2
- add obsoletes: heimdal
- add %pre and %post sections to detect update
  from heimdal and backup invalid configuration files
- add update-messages for heimdal update

-------------------------------------------------------------------
Mon Jan 10 12:18:02 CET 2005 - mc@suse.de

- update to version 1.3.6
- fix for: heap buffer overflow in libkadm5srv 
  [CAN-2004-1189 / MITKRB5-SA-2004-004] 

-------------------------------------------------------------------
Tue Dec 14 15:30:23 CET 2004 - mc@suse.de

- build doc subpackage in an own specfile 
- removed unnecessary neededforbuild requirements

-------------------------------------------------------------------
Wed Nov 24 13:37:53 CET 2004 - coolo@suse.de

- fix build with gcc 4

-------------------------------------------------------------------
Mon Nov 15 17:25:56 CET 2004 - mc@suse.de

- added Conflicts with heimdal*
- rename some manpages to avoid conflicts 

-------------------------------------------------------------------
Thu Nov  4 18:03:11 CET 2004 - mc@suse.de

- new init scripts
- fix logrotate scripts
- add some 64Bit fixes
- add default krb5.conf, kdc.conf and kadm5.acl

-------------------------------------------------------------------
Wed Nov  3 18:52:07 CET 2004 - mc@suse.de

- add e2fsprogs to NFB
- use system-et and system-ss 
- fix includes of com_err.h 

-------------------------------------------------------------------
Thu Oct 28 17:58:41 CEST 2004 - mc@suse.de

- Initital checkin