source: server/fedora/ref-prepatch/krb5.spec @ 786

Last change on this file since 786 was 34, checked in by jbarnold, 19 years ago
added reference spec files
File size: 45.5 KB
Line 
1%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
2%define WITH_SELINUX 0
3%endif
4
5%define krb5prefix %{_prefix}/kerberos
6
7# FIXME: is it upstream's intention that the new autoconf macro be installed?
8%define install_macro 0
9
10Summary: The Kerberos network authentication system.
11Name: krb5
12Version: 1.5
13Release: 7
14# Maybe we should explode from the now-available-to-everybody tarball instead?
15# http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
16Source0: krb5-%{version}.tar.gz
17Source1: krb5-%{version}.tar.gz.asc
18Source2: kpropd.init
19Source3: krb524d.init
20Source4: kadmind.init
21Source5: krb5kdc.init
22Source6: krb5.conf
23Source7: krb5.sh
24Source8: krb5.csh
25Source9: kdcrotate
26Source10: kdc.conf
27Source11: kadm5.acl
28Source12: krsh
29Source13: krlogin
30Source14: eklogin.xinetd
31Source15: klogin.xinetd
32Source16: kshell.xinetd
33Source17: krb5-telnet.xinetd
34Source18: gssftp.xinetd
35Source19: krb5kdc.sysconfig
36Source20: kadmin.sysconfig
37Source21: krb524.sysconfig
38Source22: ekrb5-telnet.xinetd
39
40Patch2: krb5-1.3-manpage-paths.patch
41Patch3: krb5-1.3-netkit-rsh.patch
42Patch4: krb5-1.3-rlogind-environ.patch
43Patch5: krb5-1.3-ksu-access.patch
44Patch6: krb5-1.5-ksu-path.patch
45Patch9: krb5-1.5-brokenrev.patch
46Patch11: krb5-1.2.1-passive.patch
47Patch12: krb5-1.4-ktany.patch
48Patch13: krb5-1.3-large-file.patch
49Patch14: krb5-1.3-ftp-glob.patch
50Patch15: krb5-1.3-check.patch
51Patch16: krb5-1.5-no-rpath.patch
52Patch18: krb5-1.2.7-reject-bad-transited.patch
53Patch21: krb5-selinux.patch
54Patch23: krb5-1.3.1-dns.patch
55Patch25: krb5-1.4-null.patch
56Patch26: krb5-1.3.2-efence.patch
57Patch27: krb5-1.3.3-rcp-sendlarge.patch
58Patch29: krb5-1.3.5-kprop-mktemp.patch
59Patch30: krb5-1.3.4-send-pr-tempfile.patch
60Patch32: krb5-1.4-ncurses.patch
61Patch33: krb5-1.5-io.patch
62Patch35: krb5-1.5-fclose.patch
63Patch36: krb5-1.3.3-rcp-markus.patch
64Patch39: krb5-1.4.1-api.patch
65Patch40: krb5-1.4.1-telnet-environ.patch
66Patch41: krb5-1.2.7-login-lpass.patch
67Patch44: krb5-1.4.3-enospc.patch
68Patch45: krb5-1.5-gssinit.patch
69Patch46: http://web.mit.edu/kerberos/advisories/2006-001-patch_1.5.txt
70
71License: MIT, freely distributable.
72URL: http://web.mit.edu/kerberos/www/
73Group: System Environment/Libraries
74BuildRoot: %{_tmppath}/%{name}-%{version}-root
75Prereq: grep, info, sh-utils, /sbin/install-info
76BuildPrereq: autoconf, bison, e2fsprogs-devel >= 1.35, flex
77BuildPrereq: gzip, ncurses-devel, rsh, texinfo, tar
78
79Patch1000: krb5-kuserok-scripts.patch
80
81%description
82Kerberos V5 is a trusted-third-party network authentication system,
83which can improve your network's security by eliminating the insecure
84practice of cleartext passwords.
85
86%package devel
87Summary: Development files needed to compile Kerberos 5 programs.
88Group: Development/Libraries
89Requires: %{name}-libs = %{version}-%{release}, e2fsprogs-devel
90
91%description devel
92Kerberos is a network authentication system. The krb5-devel package
93contains the header files and libraries needed for compiling Kerberos
945 programs. If you want to develop Kerberos-aware programs, you need
95to install this package.
96
97%package libs
98Summary: The shared libraries used by Kerberos 5.
99Group: System Environment/Libraries
100Prereq: grep, /sbin/ldconfig, sh-utils
101Obsoletes: krb5-configs
102
103%description libs
104Kerberos is a network authentication system. The krb5-libs package
105contains the shared libraries needed by Kerberos 5. If you are using
106Kerberos, you need to install this package.
107
108%package server
109Group: System Environment/Daemons
110Summary: The server programs for Kerberos 5.
111Requires: %{name}-libs = %{version}-%{release}
112Prereq: grep, /sbin/install-info, /bin/sh, sh-utils, /sbin/chkconfig
113
114%description server
115Kerberos is a network authentication system. The krb5-server package
116contains the programs that must be installed on a Kerberos 5 server.
117If you are installing a Kerberos 5 server, you need to install this
118package (in other words, most people should NOT install this
119package).
120
121%package workstation
122Summary: Kerberos 5 programs for use on workstations.
123Group: System Environment/Base
124Requires: %{name}-libs = %{version}-%{release}
125Prereq: grep, /sbin/install-info, /bin/sh, sh-utils
126# mktemp is used by krb5-send-pr
127Requires: mktemp
128
129%description workstation
130Kerberos is a network authentication system. The krb5-workstation
131package contains the basic Kerberos programs (kinit, klist, kdestroy,
132kpasswd) as well as kerberized versions of Telnet and FTP. If your
133network uses Kerberos, this package should be installed on every
134workstation.
135
136%changelog
137* Wed Sep  6 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-7
138- set SS_LIB at configure-time so that libss-using apps get working readline
139  support (#197044)
140
141* Fri Aug 18 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-6
142- switch to the updated patch for MITKRB-SA-2006-001
143
144* Tue Aug  8 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-5
145- apply patch to address MITKRB-SA-2006-001 (CVE-2006-3084)
146
147* Mon Aug  7 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-4
148- ensure that the gssapi library's been initialized before walking the
149  internal mechanism list in gss_release_oid(), needed if called from
150  gss_release_name() right after a gss_import_name() (#198092)
151
152* Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-3
153- rebuild
154
155* Tue Jul 25 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-2
156- pull up latest revision of patch to reduce lockups in rsh/rshd
157
158* Mon Jul 17 2006 Nalin Dahyabhai <nalin@redhat.com> - 1.5-1.2
159- rebuild
160
161* Wed Jul 12 2006 Jesse Keating <jkeating@redhat.com> - 1.5-1.1
162- rebuild
163
164* Thu Jul  6 2006 Nalin Dahyabhai <nalin@redhat.com> 1.5-1
165- build
166
167* Wed Jul  5 2006 Nalin Dahyabhai <nalin@redhat.com> 1.5-0
168- update to 1.5
169
170* Fri Jun 23 2006 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-9
171- mark profile.d config files noreplace (Laurent Rineau, #196447)
172
173* Thu Jun  8 2006 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-8
174- add buildprereq for autoconf
175
176* Mon May 22 2006 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-7
177- further munge krb5-config so that 'libdir=/usr/lib' is given even on 64-bit
178  architectures, to avoid multilib conflicts; other changes will conspire to
179  strip out the -L flag which uses this, so it should be harmless (#192692)
180
181* Fri Apr 28 2006 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-6
182- adjust the patch which removes the use of rpath to also produce a
183  krb5-config which is okay in multilib environments (#190118)
184- make the name-of-the-tempfile comment which compile_et adds to error code
185  headers always list the same file to avoid conflicts on multilib installations
186- strip SIZEOF_LONG out of krb5.h so that it doesn't conflict on multilib boxes
187- strip GSS_SIZEOF_LONG out of gssapi.h so that it doesn't conflict on mulitlib
188  boxes
189
190* Fri Apr 14 2006 Stepan Kasal <skasal@redhat.com> 1.4.3-5
191- Fix formatting typo in kinit.1 (krb5-kinit-man-typo.patch)
192
193* Fri Feb 10 2006 Jesse Keating <jkeating@redhat.com> 1.4.3-4.1
194- bump again for double-long bug on ppc(64)
195
196* Mon Feb  6 2006 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-4
197- give a little bit more information to the user when kinit gets the catch-all
198  I/O error (#180175)
199
200* Thu Jan 19 2006 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-3
201- rebuild properly when pthread_mutexattr_setrobust_np() is defined but not
202  declared, such as with recent glibc when _GNU_SOURCE isn't being used
203
204* Thu Jan 19 2006 Matthias Clasen <mclasen@redhat.com> 1.4.3-2
205- Use full paths in krb5.sh to avoid path lookups
206
207* Fri Dec 09 2005 Jesse Keating <jkeating@redhat.com>
208- rebuilt
209
210* Thu Dec  1 2005 Nalin Dahyabhai <nalin@redhat.com>
211- login: don't truncate passwords before passing them into crypt(), in
212  case they're significant (#149476)
213
214* Thu Nov 17 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.3-1
215- update to 1.4.3
216- make ksu setuid again (#137934, others)
217
218* Tue Sep 13 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-4
219- mark %%{krb5prefix}/man so that files which are packaged within it are
220  flagged as %%doc (#168163)
221
222* Tue Sep  6 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-3
223- add an xinetd configuration file for encryption-only telnetd, parallelling
224  the kshell/ekshell pair (#167535)
225
226* Wed Aug 31 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-2
227- change the default configured encryption type for KDC databases to the
228  compiled-in default of des3-hmac-sha1 (#57847)
229
230* Thu Aug 11 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.2-1
231- update to 1.4.2, incorporating the fixes for MIT-KRB5-SA-2005-002 and
232  MIT-KRB5-SA-2005-003
233
234* Wed Jun 29 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-6
235- rebuild
236
237* Wed Jun 29 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-5
238- fix telnet client environment variable disclosure the same way NetKit's
239  telnet client did (CAN-2005-0488) (#159305)
240- keep apps which call krb5_principal_compare() or krb5_realm_compare() with
241  malformed or NULL principal structures from crashing outright (Thomas Biege)
242  (#161475)
243
244* Tue Jun 28 2005 Nalin Dahyabhai <nalin@redhat.com>
245- apply fixes from draft of MIT-KRB5-SA-2005-002 (CAN-2005-1174,CAN-2005-1175)
246  (#157104)
247- apply fixes from draft of MIT-KRB5-SA-2005-003 (CAN-2005-1689) (#159755)
248
249* Fri Jun 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-4
250- fix double-close in keytab handling
251- add port of fixes for CAN-2004-0175 to krb5-aware rcp (#151612)
252
253* Fri May 13 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-3
254- prevent spurious EBADF in krshd when stdin is closed by the client while
255  the command is running (#151111)
256
257* Fri May 13 2005 Martin Stransky <stransky@redhat.com> 1.4.1-2
258- add deadlock patch, removed old patch
259
260* Fri May  6 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-1
261- update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469
262- when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig
263  file for the service, pass it as an argument for the -r flag
264
265* Wed Mar 23 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4-3
266- drop krshd patch for now
267
268* Thu Mar 17 2005 Nalin Dahyabhai <nalin@redhat.com>
269- add draft fix from Tom Yu for slc_add_reply() buffer overflow (CAN-2005-0469)
270- add draft fix from Tom Yu for env_opt_add() buffer overflow (CAN-2005-0468)
271
272* Wed Mar 16 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4-2
273- don't include <term.h> into the telnet client when we're not using curses
274
275* Thu Feb 24 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4-1
276- update to 1.4
277  - v1.4 kadmin client requires a v1.4 kadmind on the server, or use the "-O"
278    flag to specify that it should communicate with the server using the older
279    protocol
280  - new libkrb5support library
281  - v5passwdd and kadmind4 are gone
282  - versioned symbols
283- pick up $KRB5KDC_ARGS from /etc/sysconfig/krb5kdc, if it exists, and pass
284  it on to krb5kdc
285- pick up $KADMIND_ARGS from /etc/sysconfig/kadmin, if it exists, and pass
286  it on to kadmind
287- pick up $KRB524D_ARGS from /etc/sysconfig/krb524, if it exists, and pass
288  it on to krb524d *instead of* "-m"
289- set "forwardable" in [libdefaults] in the default krb5.conf to match the
290  default setting which we supply for pam_krb5
291- set a default of 24h for "ticket_lifetime" in [libdefaults], reflecting the
292  compiled-in default
293
294* Mon Dec 20 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-3
295- rebuild
296
297* Mon Dec 20 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-2
298- rebuild
299
300* Mon Dec 20 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.6-1
301- update to 1.3.6, which includes the previous fix
302
303* Mon Dec 20 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-8
304- apply fix from Tom Yu for MITKRB5-SA-2004-004 (CAN-2004-1189)
305
306* Fri Dec 17 2004 Martin Stransky <stransky@redhat.com> 1.3.5-7
307- fix deadlock during file transfer via rsync/krsh
308- thanks goes to James Antil for hint
309
310* Fri Nov 26 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-6
311- rebuild
312
313* Mon Nov 22 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-3
314- fix predictable-tempfile-name bug in krb5-send-pr (CAN-2004-0971, #140036)
315
316* Tue Nov 16 2004 Nalin Dahyabhai <nalin@redhat.com>
317- silence compiler warning in kprop by using an in-memory ccache with a fixed
318  name instead of an on-disk ccache with a name generated by tmpnam()
319
320* Tue Nov 16 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-2
321- fix globbing patch port mode (#139075)
322
323* Mon Nov  1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.5-1
324- fix segfault in telnet due to incorrect checking of gethostbyname_r result
325  codes (#129059)
326
327* Fri Oct 15 2004 Nalin Dahyabhai <nalin@redhat.com>
328- remove rc4-hmac:norealm and rc4-hmac:onlyrealm from the default list of
329  supported keytypes in kdc.conf -- they produce exactly the same keys as
330  rc4-hmac:normal because rc4 string-to-key ignores salts
331- nuke kdcrotate -- there are better ways to balance the load on KDCs, and
332  the SELinux policy for it would have been scary-looking
333- update to 1.3.5, mainly to include MITKRB5SA 2004-002 and 2004-003
334
335* Tue Aug 31 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-7
336- rebuild
337
338* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-6
339- rebuild
340
341* Tue Aug 24 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-5
342- incorporate revised fixes from Tom Yu for CAN-2004-0642, CAN-2004-0644,
343  CAN-2004-0772
344
345* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-4
346- rebuild
347
348* Mon Aug 23 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-3
349- incorporate fixes from Tom Yu for CAN-2004-0642, CAN-2004-0772
350  (MITKRB5-SA-2004-002, #130732)
351- incorporate fixes from Tom Yu for CAN-2004-0644 (MITKRB5-SA-2004-003, #130732)
352
353* Tue Jul 27 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-2
354- fix indexing error in server sorting patch (#127336)
355
356* Tue Jun 15 2004 Elliot Lee <sopwith@redhat.com>
357- rebuilt
358
359* Mon Jun 14 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-0.1
360- update to 1.3.4 final
361
362* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.4-0
363- update to 1.3.4 beta1
364- remove MITKRB5-SA-2004-001, included in 1.3.4
365
366* Mon Jun  7 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-8
367- rebuild
368
369* Fri Jun  4 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-7
370- rebuild
371
372* Fri Jun  4 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-6
373- apply updated patch from MITKRB5-SA-2004-001 (revision 2004-06-02)
374
375* Tue Jun  1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-5
376- rebuild
377
378* Tue Jun  1 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-4
379- apply patch from MITKRB5-SA-2004-001 (#125001)
380
381* Wed May 12 2004 Thomas Woerner <twoerner@redhat.com> 1.3.3-3
382- removed rpath
383
384* Thu Apr 15 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-2
385- re-enable large file support, fell out in 1.3-1
386- patch rcp to use long long and %%lld format specifiers when reporting file
387  sizes on large files
388
389* Tue Apr 13 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.3-1
390- update to 1.3.3
391
392* Wed Mar 10 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.2-1
393- update to 1.3.2
394
395* Mon Mar  8 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-12
396- rebuild
397
398* Tue Mar 02 2004 Elliot Lee <sopwith@redhat.com> 1.3.1-11.1
399- rebuilt
400
401* Fri Feb 13 2004 Elliot Lee <sopwith@redhat.com> 1.3.1-11
402- rebuilt
403
404* Mon Feb  9 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-10
405- catch krb4 send_to_kdc cases in kdc preference patch
406
407* Mon Feb  2 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-9
408- remove patch to set TERM in klogind which, combined with the upstream fix in
409  1.3.1, actually produces the bug now (#114762)
410
411* Mon Jan 19 2004 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-8
412- when iterating over lists of interfaces which are "up" from getifaddrs(),
413  skip over those which have no address (#113347)
414
415* Mon Jan 12 2004 Nalin Dahyabhai <nalin@redhat.com>
416- prefer the kdc which last replied to a request when sending requests to kdcs
417
418* Mon Nov 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-7
419- fix combination of --with-netlib and --enable-dns (#82176)
420
421* Tue Nov 18 2003 Nalin Dahyabhai <nalin@redhat.com>
422- remove libdefault ticket_lifetime option from the default krb5.conf, it is
423  ignored by libkrb5
424
425* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-6
426- fix bug in patch to make rlogind start login with a clean environment a la
427  netkit rlogin, spotted and fixed by Scott McClung
428
429* Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-5
430- include profile.d scriptlets in krb5-devel so that krb5-config will be in
431  the path if krb5-workstation isn't installed, reported by Kir Kolyshkin
432
433* Mon Sep  8 2003 Nalin Dahyabhai <nalin@redhat.com>
434- add more etypes (arcfour) to the default enctype list in kdc.conf
435- don't apply previous patch, refused upstream
436
437* Fri Sep  5 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-4
438- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials
439
440* Wed Sep 3 2003 Dan Walsh <dwalsh@redhat.com> 1.3.1-3
441- Don't check for write access on /etc/krb5.conf if SELinux
442
443* Tue Aug 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-2
444- fixup some int/pointer varargs wackiness
445
446* Tue Aug  5 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-1
447- rebuild
448
449* Mon Aug  4 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-0
450- update to 1.3.1
451
452* Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-2
453- pull fix for non-compliant encoding of salt field in etype-info2 preauth
454  data from 1.3.1 beta 1, until 1.3.1 is released.
455
456* Mon Jul 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-1
457- update to 1.3
458
459* Mon Jul  7 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-4
460- correctly use stdargs
461
462* Wed Jun 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-0.beta.4
463- test update to 1.3 beta 4
464- ditch statglue build option
465- krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err
466
467* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
468- rebuilt
469
470* Wed May 21 2003 Jeremy Katz <katzj@redhat.com> 1.2.8-2
471- gcc 3.3 doesn't implement varargs.h, include stdarg.h instead
472
473* Wed Apr  9 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-1
474- update to 1.2.8
475
476* Mon Mar 31 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-14
477- fix double-free of enc_part2 in krb524d
478
479* Fri Mar 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-13
480- update to latest patch kit for MITKRB5-SA-2003-004
481
482* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-12
483- add patch included in MITKRB5-SA-2003-003 (CAN-2003-0028)
484
485* Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-11
486- add patches from patchkit from MITKRB5-SA-2003-004 (CAN-2003-0138 and
487  CAN-2003-0139)
488
489* Thu Mar  6 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-10
490- rebuild
491
492* Thu Mar  6 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-9
493- fix buffer underrun in unparsing certain principals (CAN-2003-0082)
494
495* Tue Feb  4 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-8
496- add patch to document the reject-bad-transited option in kdc.conf
497
498* Mon Feb  3 2003 Nalin Dahyabhai <nalin@redhat.com>
499- add patch to fix server-side crashes when principals have no
500  components (CAN-2003-0072)
501
502* Thu Jan 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-7
503- add patch from Mark Cox for exploitable bugs in ftp client
504
505* Wed Jan 22 2003 Tim Powers <timp@redhat.com>
506- rebuilt
507
508* Wed Jan 15 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-5
509- use PICFLAGS when building code from the ktany patch
510
511* Thu Jan  9 2003 Bill Nottingham <notting@redhat.com> 1.2.7-4
512- debloat
513
514* Tue Jan  7 2003 Jeremy Katz <katzj@redhat.com> 1.2.7-3
515- include .so.* symlinks as well as .so.*.*
516
517* Mon Dec  9 2002 Jakub Jelinek <jakub@redhat.com> 1.2.7-2
518- always #include <errno.h> to access errno, never do it directly
519- enable LFS on a bunch of other 32-bit arches
520
521* Wed Dec  4 2002 Nalin Dahyabhai <nalin@redhat.com>
522- increase the maximum name length allowed by kuserok() to the higher value
523  used in development versions
524
525* Mon Dec  2 2002 Nalin Dahyabhai <nalin@redhat.com>
526- install src/krb524/README as README.krb524 in the -servers package,
527  includes information about converting for AFS principals
528
529* Fri Nov 15 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-1
530- update to 1.2.7
531- disable use of tcl
532
533* Mon Nov 11 2002 Nalin Dahyabhai <nalin@redhat.com>
534- update to 1.2.7-beta2 (internal only, not for release), dropping dnsparse
535  and kadmind4 fixes
536
537* Wed Oct 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.6-5
538- add patch for buffer overflow in kadmind4 (not used by default)
539
540* Fri Oct 11 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.6-4
541- drop a hunk from the dnsparse patch which is actually redundant (thanks to
542  Tom Yu)
543
544* Wed Oct  9 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.6-3
545- patch to handle truncated dns responses
546
547* Mon Oct  7 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.6-2
548- remove hashless key types from the default kdc.conf, they're not supposed to
549  be there, noted by Sam Hartman on krbdev
550
551* Fri Sep 27 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.6-1
552- update to 1.2.6
553
554* Fri Sep 13 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-7
555- use %%{_lib} for the sake of multilib systems
556
557* Fri Aug  2 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-6
558- add patch from Tom Yu for exploitable bugs in rpc code used in kadmind
559
560* Tue Jul 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-5
561- fix bug in krb5.csh which would cause the path check to always succeed
562
563* Fri Jul 19 2002 Jakub Jelinek <jakub@redhat.com> 1.2.5-4
564- build even libdb.a with -fPIC and $RPM_OPT_FLAGS.
565
566* Fri Jun 21 2002 Tim Powers <timp@redhat.com>
567- automated rebuild
568
569* Sun May 26 2002 Tim Powers <timp@redhat.com>
570- automated rebuild
571
572* Wed May  1 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-1
573- update to 1.2.5
574- disable statglue
575
576* Fri Mar  1 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-1
577- update to 1.2.4
578
579* Wed Feb 20 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.3-5
580- rebuild in new environment
581- reenable statglue
582
583* Sat Jan 26 2002 Florian La Roche <Florian.LaRoche@redhat.de>
584- prereq chkconfig for the server subpackage
585
586* Wed Jan 16 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.3-3
587- build without -g3, which gives us large static libraries in -devel
588
589* Tue Jan 15 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.3-2
590- reintroduce ld.so.conf munging in the -libs %%post
591
592* Thu Jan 10 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.3-1
593- rename the krb5 package back to krb5-libs; the previous rename caused
594  something of an uproar
595- update to 1.2.3, which includes the FTP and telnetd fixes
596- configure without --enable-dns-for-kdc --enable-dns-for-realm, which now set
597  the default behavior instead of enabling the feature (the feature is enabled
598  by --enable-dns, which we still use)
599- reenable optimizations on Alpha
600- support more encryption types in the default kdc.conf (heads-up from post
601  to comp.protocols.kerberos by Jason Heiss)
602
603* Fri Aug  3 2001 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-14
604- rename the krb5-libs package to krb5 (naming a subpackage -libs when there
605  is no main package is silly)
606- move defaults for PAM to the appdefaults section of krb5.conf -- this is
607  the area where the krb5_appdefault_* functions look for settings)
608- disable statglue (warning: breaks binary compatibility with previous
609  packages, but has to be broken at some point to work correctly with
610  unpatched versions built with newer versions of glibc)
611
612* Fri Aug  3 2001 Nalin Dahyabhai <nalin@redhat.com> 1.2.2-13
613- bump release number and rebuild
614
615* Wed Aug  1 2001 Nalin Dahyabhai <nalin@redhat.com>
616- add patch to fix telnetd vulnerability
617
618* Fri Jul 20 2001 Nalin Dahyabhai <nalin@redhat.com>
619- tweak statglue.c to fix stat/stat64 aliasing problems
620- be cleaner in use of gcc to build shlibs
621
622* Wed Jul 11 2001 Nalin Dahyabhai <nalin@redhat.com>
623- use gcc to build shared libraries
624
625* Wed Jun 27 2001 Nalin Dahyabhai <nalin@redhat.com>
626- add patch to support "ANY" keytab type (i.e.,
627  "default_keytab_name = ANY:FILE:/etc/krb5.keytab,SRVTAB:/etc/srvtab"
628  patch from Gerald Britton, #42551)
629- build with -D_FILE_OFFSET_BITS=64 to get large file I/O in ftpd (#30697)
630- patch ftpd to use long long and %%lld format specifiers to support the SIZE
631  command on large files (also #30697)
632- don't use LOG_AUTH as an option value when calling openlog() in ksu (#45965)
633- implement reload in krb5kdc and kadmind init scripts (#41911)
634- lose the krb5server init script (not using it any more)
635
636* Sun Jun 24 2001 Elliot Lee <sopwith@redhat.com>
637- Bump release + rebuild.
638
639* Tue May 29 2001 Nalin Dahyabhai <nalin@redhat.com>
640- pass some structures by address instead of on the stack in krb5kdc
641
642* Tue May 22 2001 Nalin Dahyabhai <nalin@redhat.com>
643- rebuild in new environment
644
645* Thu Apr 26 2001 Nalin Dahyabhai <nalin@redhat.com>
646- add patch from Tom Yu to fix ftpd overflows (#37731)
647
648* Wed Apr 18 2001 Than Ngo <than@redhat.com>
649- disable optimizations on the alpha again
650
651* Fri Mar 30 2001 Nalin Dahyabhai <nalin@redhat.com>
652- add in glue code to make sure that libkrb5 continues to provide a
653  weak copy of stat()
654
655* Thu Mar 15 2001 Nalin Dahyabhai <nalin@redhat.com>
656- build alpha with -O0 for now
657
658* Thu Mar  8 2001 Nalin Dahyabhai <nalin@redhat.com>
659- fix the kpropd init script
660
661* Mon Mar  5 2001 Nalin Dahyabhai <nalin@redhat.com>
662- update to 1.2.2, which fixes some bugs relating to empty ETYPE-INFO
663- re-enable optimization on Alpha
664
665* Thu Feb  8 2001 Nalin Dahyabhai <nalin@redhat.com>
666- build alpha with -O0 for now
667- own %{_var}/kerberos
668
669* Tue Feb  6 2001 Nalin Dahyabhai <nalin@redhat.com>
670- own the directories which are created for each package (#26342)
671
672* Tue Jan 23 2001 Nalin Dahyabhai <nalin@redhat.com>
673- gettextize init scripts
674
675* Fri Jan 19 2001 Nalin Dahyabhai <nalin@redhat.com>
676- add some comments to the ksu patches for the curious
677- re-enable optimization on alphas
678
679* Mon Jan 15 2001 Nalin Dahyabhai <nalin@redhat.com>
680- fix krb5-send-pr (#18932) and move it from -server to -workstation
681- buildprereq libtermcap-devel
682- temporariliy disable optimization on alphas
683- gettextize init scripts
684
685* Tue Dec  5 2000 Nalin Dahyabhai <nalin@redhat.com>
686- force -fPIC
687
688* Fri Dec  1 2000 Nalin Dahyabhai <nalin@redhat.com>
689- rebuild in new environment
690
691* Tue Oct 31 2000 Nalin Dahyabhai <nalin@redhat.com>
692- add bison as a BuildPrereq (#20091)
693
694* Mon Oct 30 2000 Nalin Dahyabhai <nalin@redhat.com>
695- change /usr/dict/words to /usr/share/dict/words in default kdc.conf (#20000)
696
697* Thu Oct  5 2000 Nalin Dahyabhai <nalin@redhat.com>
698- apply kpasswd bug fixes from David Wragg
699
700* Wed Oct  4 2000 Nalin Dahyabhai <nalin@redhat.com>
701- make krb5-libs obsolete the old krb5-configs package (#18351)
702- don't quit from the kpropd init script if there's no principal database so
703  that you can propagate the first time without running kpropd manually
704- don't complain if /etc/ld.so.conf doesn't exist in the -libs %post
705
706* Tue Sep 12 2000 Nalin Dahyabhai <nalin@redhat.com>
707- fix credential forwarding problem in klogind (goof in KRB5CCNAME handling)
708  (#11588)
709- fix heap corruption bug in FTP client (#14301)
710
711* Wed Aug 16 2000 Nalin Dahyabhai <nalin@redhat.com>
712- fix summaries and descriptions
713- switched the default transfer protocol from PORT to PASV as proposed on
714  bugzilla (#16134), and to match the regular ftp package's behavior
715
716* Wed Jul 19 2000 Jeff Johnson <jbj@redhat.com>
717- rebuild to compress man pages.
718
719* Sat Jul 15 2000 Bill Nottingham <notting@redhat.com>
720- move initscript back
721
722* Fri Jul 14 2000 Nalin Dahyabhai <nalin@redhat.com>
723- disable servers by default to keep linuxconf from thinking they need to be
724  started when they don't
725
726* Thu Jul 13 2000 Prospector <bugzilla@redhat.com>
727- automatic rebuild
728
729* Mon Jul 10 2000 Nalin Dahyabhai <nalin@redhat.com>
730- change cleanup code in post to not tickle chkconfig
731- add grep as a Prereq: for -libs
732
733* Thu Jul  6 2000 Nalin Dahyabhai <nalin@redhat.com>
734- move condrestarts to postun
735- make xinetd configs noreplace
736- add descriptions to xinetd configs
737- add /etc/init.d as a prereq for the -server package
738- patch to properly truncate $TERM in krlogind
739
740* Fri Jun 30 2000 Nalin Dahyabhai <nalin@redhat.com>
741- update to 1.2.1
742- back out Tom Yu's patch, which is a big chunk of the 1.2 -> 1.2.1 update
743- start using the official source tarball instead of its contents
744
745* Thu Jun 29 2000 Nalin Dahyabhai <nalin@redhat.com>
746- Tom Yu's patch to fix compatibility between 1.2 kadmin and 1.1.1 kadmind
747- pull out 6.2 options in the spec file (sonames changing in 1.2 means it's not
748  compatible with other stuff in 6.2, so no need)
749
750* Wed Jun 28 2000 Nalin Dahyabhai <nalin@redhat.com>
751- tweak graceful start/stop logic in post and preun
752
753* Mon Jun 26 2000 Nalin Dahyabhai <nalin@redhat.com>
754- update to the 1.2 release
755- ditch a lot of our patches which went upstream
756- enable use of DNS to look up things at build-time
757- disable use of DNS to look up things at run-time in default krb5.conf
758- change ownership of the convert-config-files script to root.root
759- compress PS docs
760- fix some typos in the kinit man page
761- run condrestart in server post, and shut down in preun
762
763* Mon Jun 19 2000 Nalin Dahyabhai <nalin@redhat.com>
764- only remove old krb5server init script links if the init script is there
765
766* Sat Jun 17 2000 Nalin Dahyabhai <nalin@redhat.com>
767- disable kshell and eklogin by default
768
769* Thu Jun 15 2000 Nalin Dahyabhai <nalin@redhat.com>
770- patch mkdir/rmdir problem in ftpcmd.y
771- add condrestart option to init script
772- split the server init script into three pieces and add one for kpropd
773
774* Wed Jun 14 2000 Nalin Dahyabhai <nalin@redhat.com>
775- make sure workstation servers are all disabled by default
776- clean up krb5server init script
777
778* Fri Jun  9 2000 Nalin Dahyabhai <nalin@redhat.com>
779- apply second set of buffer overflow fixes from Tom Yu
780- fix from Dirk Husung for a bug in buffer cleanups in the test suite
781- work around possibly broken rev binary in running test suite
782- move default realm configs from /var/kerberos to %{_var}/kerberos
783
784* Tue Jun  6 2000 Nalin Dahyabhai <nalin@redhat.com>
785- make ksu and v4rcp owned by root
786
787* Sat Jun  3 2000 Nalin Dahyabhai <nalin@redhat.com>
788- use %%{_infodir} to better comply with FHS
789- move .so files to -devel subpackage
790- tweak xinetd config files (bugs #11833, #11835, #11836, #11840)
791- fix package descriptions again
792
793* Wed May 24 2000 Nalin Dahyabhai <nalin@redhat.com>
794- change a LINE_MAX to 1024, fix from Ken Raeburn
795- add fix for login vulnerability in case anyone rebuilds without krb4 compat
796- add tweaks for byte-swapping macros in krb.h, also from Ken
797- add xinetd config files
798- make rsh and rlogin quieter
799- build with debug to fix credential forwarding
800- add rsh as a build-time req because the configure scripts look for it to
801  determine paths
802
803* Wed May 17 2000 Nalin Dahyabhai <nalin@redhat.com>
804- fix config_subpackage logic
805
806* Tue May 16 2000 Nalin Dahyabhai <nalin@redhat.com>
807- remove setuid bit on v4rcp and ksu in case the checks previously added
808  don't close all of the problems in ksu
809- apply patches from Jeffrey Schiller to fix overruns Chris Evans found
810- reintroduce configs subpackage for use in the errata
811- add PreReq: sh-utils
812
813* Mon May 15 2000 Nalin Dahyabhai <nalin@redhat.com>
814- fix double-free in the kdc (patch merged into MIT tree)
815- include convert-config-files script as a documentation file
816
817* Wed May 03 2000 Nalin Dahyabhai <nalin@redhat.com>
818- patch ksu man page because the -C option never works
819- add access() checks and disable debug mode in ksu
820- modify default ksu build arguments to specify more directories in CMD_PATH
821  and to use getusershell()
822
823* Wed May 03 2000 Bill Nottingham <notting@redhat.com>
824- fix configure stuff for ia64
825
826* Mon Apr 10 2000 Nalin Dahyabhai <nalin@redhat.com>
827- add LDCOMBINE=-lc to configure invocation to use libc versioning (bug #10653)
828- change Requires: for/in subpackages to include %{version}
829
830* Wed Apr 05 2000 Nalin Dahyabhai <nalin@redhat.com>
831- add man pages for kerberos(1), kvno(1), .k5login(5)
832- add kvno to -workstation
833
834* Mon Apr 03 2000 Nalin Dahyabhai <nalin@redhat.com>
835- Merge krb5-configs back into krb5-libs.  The krb5.conf file is marked as
836  a %%config file anyway.
837- Make krb5.conf a noreplace config file.
838
839* Thu Mar 30 2000 Nalin Dahyabhai <nalin@redhat.com>
840- Make klogind pass a clean environment to children, like NetKit's rlogind does.
841
842* Wed Mar 08 2000 Nalin Dahyabhai <nalin@redhat.com>
843- Don't enable the server by default.
844- Compress info pages.
845- Add defaults for the PAM module to krb5.conf
846
847* Mon Mar 06 2000 Nalin Dahyabhai <nalin@redhat.com>
848- Correct copyright: it's exportable now, provided the proper paperwork is
849  filed with the government.
850
851* Fri Mar 03 2000 Nalin Dahyabhai <nalin@redhat.com>
852- apply Mike Friedman's patch to fix format string problems
853- don't strip off argv[0] when invoking regular rsh/rlogin
854
855* Thu Mar 02 2000 Nalin Dahyabhai <nalin@redhat.com>
856- run kadmin.local correctly at startup
857
858* Mon Feb 28 2000 Nalin Dahyabhai <nalin@redhat.com>
859- pass absolute path to kadm5.keytab if/when extracting keys at startup
860
861* Sat Feb 19 2000 Nalin Dahyabhai <nalin@redhat.com>
862- fix info page insertions
863
864* Wed Feb  9 2000 Nalin Dahyabhai <nalin@redhat.com>
865- tweak server init script to automatically extract kadm5 keys if
866  /var/kerberos/krb5kdc/kadm5.keytab doesn't exist yet
867- adjust package descriptions
868
869* Thu Feb  3 2000 Nalin Dahyabhai <nalin@redhat.com>
870- fix for potentially gzipped man pages
871
872* Fri Jan 21 2000 Nalin Dahyabhai <nalin@redhat.com>
873- fix comments in krb5-configs
874
875* Fri Jan  7 2000 Nalin Dahyabhai <nalin@redhat.com>
876- move /usr/kerberos/bin to end of PATH
877
878* Tue Dec 28 1999 Nalin Dahyabhai <nalin@redhat.com>
879- install kadmin header files
880
881* Tue Dec 21 1999 Nalin Dahyabhai <nalin@redhat.com>
882- patch around TIOCGTLC defined on alpha and remove warnings from libpty.h
883- add installation of info docs
884- remove krb4 compat patch because it doesn't fix workstation-side servers
885
886* Mon Dec 20 1999 Nalin Dahyabhai <nalin@redhat.com>
887- remove hesiod dependency at build-time
888
889* Sun Dec 19 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
890- rebuild on 1.1.1
891
892* Thu Oct  7 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
893- clean up init script for server, verify that it works [jlkatz]
894- clean up rotation script so that rc likes it better
895- add clean stanza
896
897* Mon Oct  4 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
898- backed out ncurses and makeshlib patches
899- update for krb5-1.1
900- add KDC rotation to rc.boot, based on ideas from Michael's C version
901
902* Mon Sep 26 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
903- added -lncurses to telnet and telnetd makefiles
904
905* Mon Jul  5 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
906- added krb5.csh and krb5.sh to /etc/profile.d
907
908* Mon Jun 22 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
909- broke out configuration files
910
911* Mon Jun 14 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
912- fixed server package so that it works now
913
914* Sat May 15 1999 Nalin Dahyabhai <nsdahya1@eos.ncsu.edu>
915- started changelog (previous package from zedz.net)
916- updated existing 1.0.5 RPM from Eos Linux to krb5 1.0.6
917- added --force to makeinfo commands to skip errors during build
918
919%prep
920%setup -q
921%patch2  -p1 -b .manpage-paths
922%patch3  -p1 -b .netkit-rsh
923%patch4  -p1 -b .rlogind-environ
924%patch5  -p1 -b .ksu-access
925%patch6  -p1 -b .ksu-path
926%patch9  -p1 -b .brokenrev
927%patch11 -p1 -b .passive
928%patch12 -p1 -b .ktany
929%patch13 -p1 -b .large-file
930%patch14 -p1 -b .ftp-glob
931%patch15 -p1 -b .check
932%patch16 -p1 -b .no-rpath
933%patch18 -p1 -b .reject-bad-transited
934%if %{WITH_SELINUX}
935%patch21 -p1 -b .selinux
936%endif
937%patch23 -p1 -b .dns
938%patch25 -p1 -b .null
939# Removes a malloc(0) case, nothing more.
940# %patch26 -p1 -b .efence
941%patch27 -p1 -b .rcp-sendlarge
942%patch29 -p1 -b .kprop-mktemp
943%patch30 -p1 -b .send-pr-tempfile
944%patch32 -p1 -b .ncurses
945%patch33 -p1 -b .io
946%patch35 -p1 -b .fclose
947%patch36 -p1 -b .rcp-markus
948%patch39 -p1 -b .api
949%patch40 -p1 -b .telnet-environ
950%patch41 -p1 -b .login-lpass
951%patch44 -p1 -b .enospc
952%patch45 -p1 -b .gssinit
953pushd src
954%patch46 -p0 -b .2006-001
955popd
956cp src/krb524/README README.krb524
957gzip doc/*.ps
958%patch1000 -p1 -b .scripts
959cd src
960top=`pwd`
961for configurein in `find -name configure.in -type f` ; do
962        pushd `dirname $configurein`
963        autoconf -I "$top"
964        popd
965done
966
967%build
968cd src
969INCLUDES=-I%{_includedir}/et
970# Get LFS support on systems that need it which aren't already 64-bit.
971%ifarch %{ix86} s390 ppc sparc
972DEFINES="-D_FILE_OFFSET_BITS=64" ; export DEFINES
973%endif
974CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC`"
975CPPFLAGS="`echo $DEFINES $INCLUDES`"
976%configure \
977        CC=%{__cc} \
978        CFLAGS="$CFLAGS" \
979        LDFLAGS="-pie" \
980        CPPFLAGS="$CPPFLAGS" \
981        SS_LIB="-lss -lcurses" \
982        --enable-shared --enable-static \
983        --bindir=%{krb5prefix}/bin \
984        --mandir=%{krb5prefix}/man \
985        --sbindir=%{krb5prefix}/sbin \
986        --datadir=%{krb5prefix}/share \
987        --localstatedir=%{_var}/kerberos \
988        --with-krb4 \
989        --with-system-et \
990        --with-system-ss \
991        --with-netlib=-lresolv \
992        --without-tcl \
993        --enable-dns
994# Now build it.  Override the RPATH_FLAG and PROG_LIBPATH to drop the rpath, and
995# override LDCOMBINE to use gcc instead of ld to build shared libraries.
996make    RPATH_FLAG= PROG_RPATH= \
997        OBJLISTS="OBJS.ST OBJS.SH" \
998        LDCOMBINE='%{__cc} -shared -Wl,-soname=lib$(LIB)$(SHLIBSEXT) $(CFLAGS)'
999
1000# Run the test suite.
1001: make  RPATH_FLAG= PROG_RPATH= check TMPDIR=%{_tmppath}
1002
1003%install
1004[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
1005
1006# Shell scripts wrappers for Kerberized rsh and rlogin.
1007mkdir -p $RPM_BUILD_ROOT%{krb5prefix}/bin
1008install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{krb5prefix}/bin/
1009
1010# Info docs.
1011mkdir -p $RPM_BUILD_ROOT%{_infodir}
1012install -m 644 doc/*.info* $RPM_BUILD_ROOT%{_infodir}/
1013# Forcefully compress the info pages so that we know the right file name to
1014# pass to install-info in %%post.
1015gzip $RPM_BUILD_ROOT%{_infodir}/*.info*
1016
1017# Sample KDC config files.
1018mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc
1019install -m 644 $RPM_SOURCE_DIR/kdc.conf  $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
1020install -m 644 $RPM_SOURCE_DIR/kadm5.acl $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
1021
1022# Login-time scriptlets to fix the PATH variable.
1023mkdir -p $RPM_BUILD_ROOT/etc/profile.d
1024install -m 644 $RPM_SOURCE_DIR/krb5.conf $RPM_BUILD_ROOT/etc/krb5.conf
1025install -m 755 $RPM_SOURCE_DIR/krb5.{sh,csh} $RPM_BUILD_ROOT/etc/profile.d/
1026
1027# Server init scripts.
1028mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
1029install -m 755 $RPM_SOURCE_DIR/krb5kdc.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb5kdc
1030install -m 755 $RPM_SOURCE_DIR/kadmind.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kadmin
1031install -m 755 $RPM_SOURCE_DIR/kpropd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kprop
1032install -m 755 $RPM_SOURCE_DIR/krb524d.init $RPM_BUILD_ROOT/etc/rc.d/init.d/krb524
1033mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
1034install -m 644 $RPM_SOURCE_DIR/krb5kdc.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb5kdc
1035install -m 644 $RPM_SOURCE_DIR/kadmin.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/kadmin
1036install -m 644 $RPM_SOURCE_DIR/krb524.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb524
1037
1038# Xinetd configuration files.
1039mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/
1040for xinetd in eklogin klogin kshell ekrb5-telnet krb5-telnet gssftp ; do
1041        install -m 644 $RPM_SOURCE_DIR/${xinetd}.xinetd \
1042        $RPM_BUILD_ROOT/etc/xinetd.d/${xinetd}
1043done
1044
1045# The rest of the binaries, headers, libraries, and docs.
1046make -C src DESTDIR=$RPM_BUILD_ROOT install
1047
1048# Fixup permissions on header files.
1049find $RPM_BUILD_ROOT/%{_includedir} -type d | xargs chmod 755
1050find $RPM_BUILD_ROOT/%{_includedir} -type f | xargs chmod 644
1051
1052# Fixup strange shared library permissions.
1053chmod 755 $RPM_BUILD_ROOT%{_libdir}/*.so{,.*}
1054
1055# Munge the krb5-config script to remove rpaths.
1056sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT%{krb5prefix}/bin/krb5-config
1057
1058# Munge krb5-config yet again.  This is totally wrong for 64-bit, but chunks
1059# of the no-rpath patch already conspire to strip out /usr/<anything> from the
1060# list of link flags.
1061sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{krb5prefix}/bin/krb5-config
1062
1063# Remove the randomly-generated compile-et filename comment from header files.
1064sed -i -e 's|^ \* ettmp[^ \t]*\.h:$| * ettmpXXXXXX.h:|g' $RPM_BUILD_ROOT%{_includedir}/*{,/*}.h
1065
1066%if %{install_macro}
1067# Install the autoconf macro.
1068mkdir -p $RPM_BUILD_ROOT/%{_datadir}/aclocal
1069install -m644 src/util/ac_check_krb5.m4 $RPM_BUILD_ROOT/%{_datadir}/aclocal/
1070%endif
1071
1072%clean
1073[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
1074
1075%post libs -p /sbin/ldconfig
1076
1077%postun libs -p /sbin/ldconfig
1078
1079%post server
1080# Remove the init script for older servers.
1081[ -x /etc/rc.d/init.d/krb5server ] && /sbin/chkconfig --del krb5server
1082# Install the new ones.
1083/sbin/chkconfig --add krb5kdc
1084/sbin/chkconfig --add kadmin
1085/sbin/chkconfig --add krb524
1086/sbin/chkconfig --add kprop
1087# Install info pages.
1088/sbin/install-info %{_infodir}/krb425.info.gz %{_infodir}/dir
1089/sbin/install-info %{_infodir}/krb5-admin.info.gz %{_infodir}/dir
1090/sbin/install-info %{_infodir}/krb5-install.info.gz %{_infodir}/dir
1091
1092%preun server
1093if [ "$1" = "0" ] ; then
1094        /sbin/chkconfig --del krb5kdc
1095        /sbin/chkconfig --del kadmin
1096        /sbin/chkconfig --del krb524
1097        /sbin/chkconfig --del kprop
1098        /sbin/service krb5kdc stop > /dev/null 2>&1 || :
1099        /sbin/service kadmin stop > /dev/null 2>&1 || :
1100        /sbin/service krb524 stop > /dev/null 2>&1 || :
1101        /sbin/service kprop stop > /dev/null 2>&1 || :
1102        /sbin/install-info --delete %{_infodir}/krb425.info.gz %{_infodir}/dir
1103        /sbin/install-info --delete %{_infodir}/krb5-admin.info.gz %{_infodir}/dir
1104        /sbin/install-info --delete %{_infodir}/krb5-install.info.gz %{_infodir}/dir
1105fi
1106
1107%postun server
1108if [ "$1" -ge 1 ] ; then
1109        /sbin/service krb5kdc condrestart > /dev/null 2>&1 || :
1110        /sbin/service kadmin condrestart > /dev/null 2>&1 || :
1111        /sbin/service krb524 condrestart > /dev/null 2>&1 || :
1112        /sbin/service kprop condrestart > /dev/null 2>&1 || :
1113fi
1114
1115%post workstation
1116/sbin/install-info %{_infodir}/krb5-user.info %{_infodir}/dir
1117/sbin/service xinetd reload > /dev/null 2>&1 || :
1118
1119%preun workstation
1120if [ "$1" = "0" ] ; then
1121        /sbin/install-info --delete %{_infodir}/krb5-user.info %{_infodir}/dir
1122fi
1123
1124%postun workstation
1125/sbin/service xinetd reload > /dev/null 2>&1 || :
1126
1127%files workstation
1128%defattr(-,root,root)
1129
1130%config(noreplace) /etc/profile.d/krb5.sh
1131%config(noreplace) /etc/profile.d/krb5.csh
1132
1133%config(noreplace) /etc/xinetd.d/*
1134
1135%docdir %{krb5prefix}/man
1136%doc doc/krb5-user/*.html doc/user*.ps.gz src/config-files/services.append
1137%doc doc/{ftp,kdestroy,kinit,klist,kpasswd,ksu,rcp,rlogin,rsh,telnet}.html
1138%attr(0755,root,root) %doc src/config-files/convert-config-files
1139%{_infodir}/krb5-user.info*
1140
1141%dir %{krb5prefix}
1142%dir %{krb5prefix}/bin
1143%dir %{krb5prefix}/man
1144%dir %{krb5prefix}/man/man1
1145%dir %{krb5prefix}/man/man5
1146%dir %{krb5prefix}/man/man8
1147%dir %{krb5prefix}/sbin
1148
1149%{krb5prefix}/bin/ftp
1150%{krb5prefix}/man/man1/ftp.1*
1151%{krb5prefix}/bin/gss-client
1152%{krb5prefix}/bin/kdestroy
1153%{krb5prefix}/man/man1/kdestroy.1*
1154%{krb5prefix}/man/man1/kerberos.1*
1155%{krb5prefix}/bin/kinit
1156%{krb5prefix}/man/man1/kinit.1*
1157%{krb5prefix}/bin/klist
1158%{krb5prefix}/man/man1/klist.1*
1159%{krb5prefix}/bin/kpasswd
1160%{krb5prefix}/man/man1/kpasswd.1*
1161%{krb5prefix}/bin/krb524init
1162%{krb5prefix}/man/man1/krb524init.1*
1163%{krb5prefix}/sbin/k5srvutil
1164%{krb5prefix}/man/man8/k5srvutil.8*
1165%{krb5prefix}/sbin/kadmin
1166%{krb5prefix}/man/man8/kadmin.8*
1167%{krb5prefix}/sbin/ktutil
1168%{krb5prefix}/man/man8/ktutil.8*
1169%attr(4755,root,root) %{krb5prefix}/bin/ksu
1170%{krb5prefix}/man/man1/ksu.1*
1171%{krb5prefix}/bin/kvno
1172%{krb5prefix}/man/man1/kvno.1*
1173%{krb5prefix}/bin/rcp
1174%{krb5prefix}/man/man1/rcp.1*
1175%{krb5prefix}/bin/krlogin
1176%{krb5prefix}/bin/rlogin
1177%{krb5prefix}/man/man1/rlogin.1*
1178%{krb5prefix}/bin/krsh
1179%{krb5prefix}/bin/rsh
1180%{krb5prefix}/man/man1/rsh.1*
1181%{krb5prefix}/bin/telnet
1182%{krb5prefix}/man/man1/telnet.1*
1183%{krb5prefix}/man/man1/tmac.doc*
1184%attr(0755,root,root) %{krb5prefix}/bin/v4rcp
1185%{krb5prefix}/man/man1/v4rcp.1*
1186%{krb5prefix}/bin/sim_client
1187%{krb5prefix}/bin/uuclient
1188%{krb5prefix}/sbin/login.krb5
1189%{krb5prefix}/man/man8/login.krb5.8*
1190%{krb5prefix}/sbin/ftpd
1191%{krb5prefix}/man/man8/ftpd.8*
1192%{krb5prefix}/sbin/gss-server
1193%{krb5prefix}/sbin/klogind
1194%{krb5prefix}/man/man8/klogind.8*
1195%{krb5prefix}/sbin/krb5-send-pr
1196%{krb5prefix}/man/man1/krb5-send-pr.1*
1197%{krb5prefix}/sbin/kshd
1198%{krb5prefix}/man/man8/kshd.8*
1199%{krb5prefix}/sbin/telnetd
1200%{krb5prefix}/man/man8/telnetd.8*
1201%{krb5prefix}/sbin/uuserver
1202%{krb5prefix}/man/man5/.k5login.5*
1203%{krb5prefix}/man/man5/krb5.conf.5*
1204
1205%files server
1206%defattr(-,root,root)
1207
1208%config /etc/rc.d/init.d/krb5kdc
1209%config /etc/rc.d/init.d/kadmin
1210%config /etc/rc.d/init.d/krb524
1211%config /etc/rc.d/init.d/kprop
1212%config(noreplace) /etc/sysconfig/krb5kdc
1213%config(noreplace) /etc/sysconfig/kadmin
1214%config(noreplace) /etc/sysconfig/krb524
1215
1216%docdir %{krb5prefix}/man
1217%doc doc/admin*.ps.gz doc/krb5-admin/*.html
1218%doc doc/krb425*.ps.gz doc/krb425/*.html
1219%doc doc/install*.ps.gz doc/krb5-install/*.html
1220%doc README.krb524
1221
1222%{_infodir}/krb5-admin.info*
1223%{_infodir}/krb5-install.info*
1224%{_infodir}/krb425.info*
1225
1226%dir %{_var}/kerberos
1227%dir %{_var}/kerberos/krb5kdc
1228%config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf
1229%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl
1230
1231%dir %{krb5prefix}/bin
1232%dir %{_libdir}/krb5
1233%dir %{_libdir}/krb5/plugins
1234%dir %{_libdir}/krb5/plugins/kdb
1235%{_libdir}/krb5/plugins/kdb/db2.so
1236%dir %{krb5prefix}/man
1237%dir %{krb5prefix}/man/man1
1238%dir %{krb5prefix}/man/man5
1239%dir %{krb5prefix}/man/man8
1240%dir %{krb5prefix}/sbin
1241
1242%{krb5prefix}/man/man5/kdc.conf.5*
1243%{krb5prefix}/sbin/kadmin.local
1244%{krb5prefix}/man/man8/kadmin.local.8*
1245%{krb5prefix}/sbin/kadmind
1246%{krb5prefix}/man/man8/kadmind.8*
1247%{krb5prefix}/sbin/kdb5_util
1248%{krb5prefix}/man/man8/kdb5_util.8*
1249%{krb5prefix}/sbin/kprop
1250%{krb5prefix}/man/man8/kprop.8*
1251%{krb5prefix}/sbin/kpropd
1252%{krb5prefix}/man/man8/kpropd.8*
1253%{krb5prefix}/sbin/krb524d
1254%{krb5prefix}/man/man8/krb524d.8*
1255%{krb5prefix}/sbin/krb5kdc
1256%{krb5prefix}/man/man8/krb5kdc.8*
1257%{krb5prefix}/sbin/sim_server
1258# This is here for people who want to test their server, and also
1259# included in devel package for similar reasons.
1260%{krb5prefix}/bin/sclient
1261%{krb5prefix}/man/man1/sclient.1*
1262%{krb5prefix}/sbin/sserver
1263%{krb5prefix}/man/man8/sserver.8*
1264
1265%files libs
1266%defattr(-,root,root)
1267#%config /etc/rc.d/init.d/kdcrotate
1268%config(noreplace) /etc/krb5.conf
1269%docdir %{krb5prefix}/man
1270%{_libdir}/lib*.so.*
1271%dir %{_libdir}/krb5
1272%dir %{_libdir}/krb5/plugins
1273%{krb5prefix}/share
1274
1275%files devel
1276%defattr(-,root,root)
1277
1278%config(noreplace) /etc/profile.d/krb5.sh
1279%config(noreplace) /etc/profile.d/krb5.csh
1280
1281%docdir %{krb5prefix}/man
1282%doc doc/api
1283%doc doc/implement
1284%doc doc/kadm5
1285%doc doc/kadmin
1286%doc doc/krb5-protocol
1287%doc doc/rpc
1288%doc doc/threads.txt
1289
1290%dir %{krb5prefix}
1291%dir %{krb5prefix}/bin
1292%dir %{krb5prefix}/man
1293%dir %{krb5prefix}/man/man1
1294%dir %{krb5prefix}/man/man8
1295%dir %{krb5prefix}/sbin
1296
1297%{_includedir}/*
1298%{_libdir}/lib*.a
1299%{_libdir}/lib*.so
1300%if %{install_macro}
1301%{_datadir}/aclocal/*
1302%endif
1303
1304%{krb5prefix}/bin/krb5-config
1305%{krb5prefix}/bin/sclient
1306%{krb5prefix}/man/man1/krb5-config.1*
1307%{krb5prefix}/man/man1/sclient.1*
1308%{krb5prefix}/man/man8/sserver.8*
1309%{krb5prefix}/sbin/sserver
Note: See TracBrowser for help on using the repository browser.