File krb5.spec of Package krb5
#
# spec file for package krb5 (Version 1.6.3)
#
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: krb5
Version: 1.6.3
Release: 132.<RELEASE11>
BuildRequires: bison libcom_err-devel ncurses-devel
%if %{suse_version} > 1010
BuildRequires: keyutils keyutils-devel
%endif
%define srcRoot krb5-1.6.3
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/%{name}
Provides: heimdal-lib
Obsoletes: heimdal-lib
# bug437293
%ifarch ppc64
Obsoletes: heimdal-lib-64bit
Obsoletes: krb5-64bit
%endif
#
Summary: MIT Kerberos5 Implementation--Libraries
License: X11/MIT
Url: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
Source: krb5-1.6.3.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Source5: %{name}-%{version}-rpmlintrc
Source10: krb5-trunk-manpaths.txt
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.6.1-compile_pie.dif
Patch3: krb5-1.4-fix-segfault.dif
Patch6: trunk-EncryptWithMasterKey.dif
Patch14: warning-fix-lib-crypto-des.dif
Patch15: warning-fix-lib-crypto-dk.dif
Patch16: warning-fix-lib-crypto.dif
Patch17: warning-fix-lib-crypto-enc_provider.dif
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
Patch20: kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Patch24: krb5-1.5.1-fix-strncat-warning.dif
Patch25: krb5-1.6.1-init-salt-length.dif
Patch30: trunk-manpaths.dif
Patch31: krb5-1.6-ldap-man.dif
Patch32: krb5-1.4.3-enospc.dif
Patch33: krb5-1.3.3-rcp-markus.dif
Patch34: gssapi_improve_errormessages.dif
Patch35: krb5-1.6-fix-CVE-2007-5894.dif
Patch36: krb5-1.6-fix-CVE-2007-5902.dif
Patch37: krb5-1.6-fix-CVE-2007-5971.dif
Patch38: krb5-1.6-fix-CVE-2007-5972.dif
Patch39: krb5-1.6-MITKRB5-SA-2008-001.dif
Patch40: krb5-1.6-MITKRB5-SA-2008-002.dif
Patch41: krb5-trunk-kpasswd_tcp.patch
Patch42: krb5-trunk-seqnum.patch
Patch43: krb5-1.6.3-case-insensitive.dif
Patch44: krb5-1.6.3-ktutil-manpage.dif
Patch45: krb5-1.6.3-post.dif
Patch46: krb5-1.6.3-fix-ipv6-query.dif
Patch47: krb5-1.6-MITKRB5-SA-2009-001.dif
Patch48: krb5-1.6-MITKRB5-SA-2009-002.dif
Patch49: krb5-1.6-MITKRB5-SA-2009-004.dif
Patch50: krb5-1.6-fix-CVE-2010-0629.dif
Patch51: krb5-MITKRB5-SA-2010-005.dif
Patch52: krb5-1.6-MITKRB5-SA-2010-007.dif
Patch53: krb5-1.6-MITKRB5-SA-2011-002.dif
Patch60: krb5-appl-telnet-CVE-2011-4862.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package client
License: X11/MIT
Summary: MIT Kerberos5 implementation - client programs
Group: Productivity/Networking/Security
Provides: heimdal-tools, heimdal-x11
Obsoletes: heimdal-tools, heimdal-x11
%description client
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package server
License: X11/MIT
Summary: MIT Kerberos5 implementation - server
Group: Productivity/Networking/Security
Provides: heimdal
Obsoletes: heimdal
Requires: perl-Date-Calc
Requires: logrotate cron
PreReq: %insserv_prereq %fillup_prereq
%description server
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes the kdc, kadmind
and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package devel
License: X11/MIT
Summary: MIT Kerberos5 - Include Files and Libraries
Group: Development/Libraries/C and C++
PreReq: %{name} = %{version}
Requires: libcom_err-devel
%if %{suse_version} > 1010
Requires: keyutils-devel
%endif
Provides: heimdal-tools-devel, heimdal-devel
Obsoletes: heimdal-tools-devel, heimdal-devel
# bug437293
%ifarch ppc64
Obsoletes: heimdal-devel-64bit
Obsoletes: krb5-devel-64bit
%endif
#
%description devel
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes Libraries and
Include Files for Development
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
License: X11/MIT
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
License: X11/MIT
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch1
%patch2
%patch3
%patch6
%patch14
%patch15
%patch16
%patch17
%patch18
%patch20
%patch21
%patch22
%patch24
%patch25
%patch30 -p1
%patch31
%patch32 -p1
%patch33 -p1
%patch34 -p1
%patch35
%patch36
%patch37
%patch38
%patch39 -p1
%patch40
%patch41
%patch42
%patch43
%patch44 -p1
%patch45
%patch46 -p1
%patch47
%patch48
%patch49 -p1
%patch50
%patch51 -p1
%patch52 -p1
%patch53
%patch60 -p1
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
# Rename the man pages so that they'll get generated correctly.
pushd src
cat $RPM_SOURCE_DIR/krb5-trunk-manpaths.txt | while read manpage ; do
mv "$manpage" "$manpage".in
done
popd
%build
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -D__CI_PRINC__ -fPIC " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--libexecdir=/usr/lib/mit/sbin \
--libdir=%{_libdir} \
--includedir=%{_includedir} \
--localstatedir=%{_localstatedir}/lib/kerberos \
--enable-shared \
--disable-static \
--enable-dns \
--with-system-et \
--with-system-ss
make %{?jobs:-j%jobs}
#make check
%install
cd src
make DESTDIR=%{buildroot} install
cd ..
# Munge the krb5-config script to remove rpaths and CFLAGS.
sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config
# install sample config files
# I'll probably do something about this later on
mkdir -p %{buildroot}%{_sysconfdir} %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}/etc/profile.d/
mkdir -p %{buildroot}/var/log/krb5
mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
# create plugin directories
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_localstatedir}/lib/kerberos/krb5kdc/
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
chmod 0755 ${lib}
done
# and binaries too
chmod 0755 %{buildroot}/usr/lib/mit/bin/v4rcp
chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu
# install init scripts
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
install -m 755 %{vendorFiles}/krb524d.init %{buildroot}%{_sysconfdir}/init.d/krb524d
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
find . -type f -name '*.ps' -exec gzip -9 {} \;
# create rc* links
mkdir -p %{buildroot}/usr/bin/
ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/bin/rckadmind
ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/bin/rckrb5kdc
ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/bin/rckpropd
ln -sf ../../etc/init.d/krb524d %{buildroot}/usr/bin/rckrb524d
# create links for kinit and klist, because of the java ones
ln -sf ../../usr/lib/mit/bin/kinit %{buildroot}/usr/bin/kinit
ln -sf ../../usr/lib/mit/bin/klist %{buildroot}/usr/bin/klist
# install helper scripts
install -d -m 755 %{buildroot}/usr/lib/mit/helper
install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/usr/lib/mit/helper/heimdal2mit-DumpConvert.pl
install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/usr/lib/mit/helper/simple_convert_krb5conf.pl
# install doc
install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
#####################################################
# krb5 pre/post/postun
#####################################################
%pre
# test update from heimdal-lib
if `ls usr/lib/libotp.so* 2>/dev/null 1>/dev/null`
then
# we update from heimdal
echo "backup /etc/krb5.conf to /etc/krb5.conf.heimdal"
mv etc/krb5.conf etc/krb5.conf.heimdal
touch var/adm/fillup-templates/heimdal-update
if [ -e etc/krb5.keytab ]
then
echo "backup /etc/krb5.keytab to /etc/krb5.keytab.heimdal"
mv etc/krb5.keytab etc/krb5.keytab.heimdal
fi
fi
%post
/sbin/ldconfig
if [ -e var/adm/fillup-templates/heimdal-update ]
then
/usr/lib/mit/helper/simple_convert_krb5conf.pl
rm -f /var/adm/fillup-templates/heimdal-update
fi
if [ ! -e etc/krb5.conf -a -e etc/krb5.conf.rpmnew ]
then
echo "moving /etc/krb5.conf.rpmnew to /etc/krb5.conf"
mv etc/krb5.conf.rpmnew etc/krb5.conf
fi
%postun
/sbin/ldconfig
#####################################################
# krb5-server preun/postun
#####################################################
%preun server
%stop_on_removal krb5kdc kadmind kpropd krb524d
%postun server
%restart_on_update krb5kdc kadmind kpropd krb524d
%{insserv_cleanup}
%clean
rm -rf %{buildroot}
########################################################
# files sections
########################################################
%files
%defattr(-,root,root)
%dir %{krb5docdir}
# add plugin directories
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/libkrb5
%dir /usr/lib/mit/helper
# add log directory
%attr(0700,root,root) %dir /var/log/krb5
%doc %{krb5docdir}/README
/usr/lib/mit/helper/simple_convert_krb5conf.pl
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%attr(0644,root,root) %config /etc/profile.d/krb5*
%{_libdir}/lib*.so.*
%{_libdir}/libgssapi_krb5.so
%files server
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
%{_sysconfdir}/init.d/kadmind
%{_sysconfdir}/init.d/krb5kdc
%{_sysconfdir}/init.d/kpropd
%{_sysconfdir}/init.d/krb524d
%dir %{krb5docdir}
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
%dir /usr/lib/mit/helper
%dir %{_localstatedir}/lib/kerberos/
%dir %{_localstatedir}/lib/kerberos/krb5kdc
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%doc %{krb5docdir}/README.ConvertHeimdalMIT
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
/usr/bin/rc*
/usr/lib/mit/sbin/kadmin.local
/usr/lib/mit/sbin/kadmind
/usr/lib/mit/sbin/kpropd
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/krb524d
/usr/lib/mit/sbin/EncryptWithMasterKey
/usr/lib/mit/helper/heimdal2mit-DumpConvert.pl
%{_libdir}/krb5/plugins/kdb/*.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man8/kadmind.8*
%{_mandir}/man8/kadmin.local.8*
%{_mandir}/man8/kpropd.8*
%{_mandir}/man8/kprop.8*
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/krb524d.8*
/etc/sysconfig/SuSEfirewall2.d/services/k*
%files client
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
/usr/lib/mit/bin/kdestroy
/usr/lib/mit/bin/kpasswd
/usr/lib/mit/bin/klist
/usr/lib/mit/bin/krb524init
/usr/lib/mit/sbin/kadmin
/usr/lib/mit/sbin/ktutil
/usr/lib/mit/sbin/k5srvutil
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
%{_mandir}/man1/kinit.1*
%{_mandir}/man1/krb524init.1*
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/kerberos.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man8/kadmin.8*
%{_mandir}/man8/ktutil.8*
%{_mandir}/man8/k5srvutil.8*
%files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/login.krb5.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
# removed SUID bit
%attr(0755,root,root)/usr/lib/mit/bin/v4rcp
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/v4rcp.1*
%{_mandir}/man1/sclient.1*
%files devel
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
/usr/lib/mit/bin/krb5-config
%{_libdir}/libdes425.so
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb4.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_includedir}/*
/usr/lib/mit/sbin/krb5-send-pr
%{_mandir}/man1/krb5-send-pr.1*
%{_mandir}/man1/krb5-config.1*
%changelog
