# For consistency with regular login. %global login_pam_service remote Name: krb5-appl Version: 1.0.3 %define subrel 1 Release: %mkrel 10 Summary: Kerberos-aware versions of telnet, ftp, rsh, and rlogin Group: System/Servers License: MIT URL: http://web.mit.edu/kerberos/www/ # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5-appl/1.0/krb5-appl-1.0-signed.tar Source0: krb5-appl-%{version}.tar.gz Source1: krb5-appl-%{version}.tar.gz.asc Source12: krsh Source13: krlogin Source14: eklogin.xinetd Source15: klogin.xinetd Source16: kshell.xinetd Source17: krb5-telnet.xinetd Source18: gssftp.xinetd Source22: ekrb5-telnet.xinetd Source125: krb5-appl-1.0-manpaths.txt Source26: gssftp.pamd Source27: kshell.pamd Source28: ekshell.pamd Patch0: krb5-appl-1.0-fix-format-errors.patch Patch3: krb5-1.3-netkit-rsh.patch Patch4: krb5-appl-1.0-rlogind-environ.patch Patch11: krb5-1.2.1-passive.patch Patch14: krb5-1.3-ftp-glob.patch Patch33: krb5-appl-1.0-io.patch Patch36: krb5-1.7-rcp-markus.patch Patch40: krb5-1.4.1-telnet-environ.patch Patch57: krb5-appl-1.0-login_chdir.patch Patch72: krb5-1.6.3-ftp_fdleak.patch Patch73: krb5-1.6.3-ftp_glob_runique.patch Patch79: krb5-trunk-ftp_mget_case.patch Patch88: krb5-1.7-sizeof.patch Patch89: krb5-appl-1.0.2-largefile.patch Patch90: krb5-appl-1.0.3-telnet-overflow-exploit.patch Patch160: krb5-appl-1.0.2-pam.patch Patch161: krb5-appl-1.0.2-manpaths.patch Patch162: krb5-appl-1.0.3-fix-typedef.patch BuildRequires: bison BuildRequires: flex BuildRequires: pkgconfig(ncurses) BuildRequires: texinfo BuildRequires: pkgconfig(krb5) BuildRequires: pam-devel %description This package contains Kerberos-aware versions of the telnet, ftp, rcp, rsh, and rlogin clients and servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. %package servers Group: System/Servers Summary: Kerberos-aware telnet, ftp, rsh and rlogin servers Requires: xinetd Requires(post): %{_sbindir}/service, xinetd # multiple alternatives Provides: telnet-server Conflicts: netkit-telnet-server Conflicts: heimdal-telnetd # conflict due to %%{_bindir}/rcp being in both -clients and -servers Conflicts: %{name}-clients < %{version}-%{release} %description servers This package contains Kerberos-aware versions of the telnet, ftp, rsh, and rlogin servers. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. %package clients Summary: Kerberos-aware telnet, ftp, rcp, rsh and rlogin clients Group: Networking/Remote access # multiple alternatives Provides: telnet-client Conflicts: netkit-telnet Conflicts: heimdal-telnet # conflict due to %%{_bindir}/rcp being in both -clients and -servers Conflicts: %{name}-servers < %{version}-%{release} %description clients This package contains Kerberos-aware versions of the telnet, ftp, rcp, rsh, and rlogin clients. While these have been replaced by tools such as OpenSSH in most environments, they remain in use in others. %prep %setup -q ln -s NOTICE LICENSE %patch0 -p1 -b .format %patch160 -p1 -b .pam %patch161 -p1 -b .manpaths %patch162 -p1 -b .typedef %patch3 -p3 -b .netkit-rsh %patch4 -p1 -b .rlogind-environ %patch11 -p3 -b .passive %patch14 -p3 -b .ftp-glob %patch33 -p1 -b .io %patch36 -p3 -b .rcp-markus %patch40 -p3 -b .telnet-environ %patch57 -p1 -b .login_chdir %patch72 -p3 -b .ftp_fdleak %patch73 -p3 -b .ftp_glob_runique %patch79 -p2 -b .ftp_mget_case %patch88 -p3 -b .sizeof %patch89 -p1 -b .largefile %patch90 -p1 -b .overflow # Rename the man pages so that they'll get generated correctly. Uses the # "krb5-appl-1.0-manpaths.txt" source file. cat %{SOURCE125} | while read manpage ; do mv "$manpage" "$manpage".in done # fix build on aarch64 cp -af %{_rpmconfigdir}/config.{guess,sub} . %build autoreconf -vfi # Build everything position-independent. INCLUDES=-I%{_includedir}/et CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIE -fno-strict-aliasing`" %configure2_5x \ CFLAGS="$CFLAGS" \ LDFLAGS="$LDFLAGS" \ --with-pam \ --with-pam-login-service=%{login_pam_service} %make_build %install # Shell scripts wrappers for Kerberized rsh and rlogin (source files). mkdir -p %{buildroot}%{_bindir} install -m 755 %{SOURCE12} %{buildroot}%{_bindir} install -m 755 %{SOURCE13} %{buildroot}%{_bindir} # Xinetd configuration files. mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d/ for xinetd in \ %{SOURCE14} \ %{SOURCE15} \ %{SOURCE16} \ %{SOURCE17} \ %{SOURCE18} \ %{SOURCE22} ; do install -pm 644 ${xinetd} \ %{buildroot}%{_sysconfdir}/xinetd.d/`basename ${xinetd} .xinetd` done # PAM configuration files. mkdir -p %{buildroot}%{_sysconfdir}/pam.d/ for pam in \ %{SOURCE26} \ %{SOURCE27} \ %{SOURCE28} ; do install -pm 644 ${pam} \ %{buildroot}%{_sysconfdir}/pam.d/`basename ${pam} .pamd` done %makeinstall_std %post servers %{_sbindir}/service xinetd reload > /dev/null 2>&1 || : exit 0 %postun servers %{_sbindir}/service xinetd reload > /dev/null 2>&1 || : exit 0 %files clients %doc README NOTICE LICENSE # Client network bits. %{_bindir}/ftp %{_mandir}/man1/ftp.1* %{_bindir}/krlogin %{_bindir}/rlogin %{_mandir}/man1/rlogin.1* %{_bindir}/krsh %{_bindir}/rsh %{_mandir}/man1/rsh.1* %{_bindir}/telnet %{_mandir}/man1/telnet.1* %{_mandir}/man1/tmac.doc* %{_bindir}/rcp %{_mandir}/man1/rcp.1* %files servers %doc README NOTICE LICENSE %docdir %{_mandir} %config(noreplace) %{_sysconfdir}/xinetd.d/* %config(noreplace) %{_sysconfdir}/pam.d/kshell %config(noreplace) %{_sysconfdir}/pam.d/ekshell %config(noreplace) %{_sysconfdir}/pam.d/gssftp # Login is used by telnetd and klogind. %{_sbindir}/login.krb5 %{_mandir}/man8/login.krb5.8* # Application servers. %{_sbindir}/ftpd %{_mandir}/man8/ftpd.8* %{_sbindir}/klogind %{_mandir}/man8/klogind.8* %{_sbindir}/kshd %{_mandir}/man8/kshd.8* %{_sbindir}/telnetd %{_mandir}/man8/telnetd.8* %changelog * Wed Apr 08 2020 daviddavid <daviddavid> 1.0.3-10.1.mga7 + Revision: 1565553 - arbitrary remote code execution in utility.c via short writes or urgent data (mga#26451) * CVE-2020-10188 * Sun Sep 23 2018 umeabot <umeabot> 1.0.3-10.mga7 + Revision: 1298643 - Mageia 7 Mass Rebuild * Fri Jun 22 2018 wally <wally> 1.0.3-9.mga7 + Revision: 1239055 - fix build on aarch64 * Thu Feb 11 2016 luigiwalser <luigiwalser> 1.0.3-8.mga6 + Revision: 955970 - only include rcp in clients package * Fri Feb 05 2016 umeabot <umeabot> 1.0.3-7.mga6 + Revision: 939565 - Mageia 6 Mass Rebuild * Wed Oct 15 2014 umeabot <umeabot> 1.0.3-6.mga5 + Revision: 746110 - Second Mageia 5 Mass Rebuild * Tue Sep 16 2014 umeabot <umeabot> 1.0.3-5.mga5 + Revision: 681191 - Mageia 5 Mass Rebuild * Mon Sep 01 2014 luigiwalser <luigiwalser> 1.0.3-4.mga5 + Revision: 670357 - fix service command path * Fri Oct 18 2013 umeabot <umeabot> 1.0.3-3.mga4 + Revision: 521865 - Mageia 4 Mass Rebuild * Thu Jan 24 2013 sander85 <sander85> 1.0.3-2.mga3 + Revision: 392077 - Fix build (patch from NetBSD) + umeabot <umeabot> - Mass Rebuild - https://wiki.mageia.org/en/Feature:Mageia3MassRebuild * Wed Jun 27 2012 guillomovitch <guillomovitch> 1.0.3-1.mga3 + Revision: 264449 - new version - fix krlogin and krsh wrappers * Fri Dec 30 2011 guillomovitch <guillomovitch> 1.0.2-3.mga2 + Revision: 188992 - fix for CVE-2011-4862 * Tue Aug 30 2011 guillomovitch <guillomovitch> 1.0.2-2.mga2 + Revision: 136471 - fix binary locations in xinetd configuration files - new version - drop transition-related conflicts and provides - spec cleanup * Sun May 22 2011 ahmad <ahmad> 1.0.1-2.mga1 + Revision: 100173 - Since %%{_bindir}/rcp exists in both -clients and -servers: o -servers should conflict with %%{name}-clients < %%{version}-%%{release} o -clients should conflict with %%{name}-servers < %%{version}-%%{release} should fix (mga#1381) * Wed Feb 23 2011 pterjan <pterjan> 1.0.1-1.mga1 + Revision: 58157 - imported package krb5-appl * Sat Jul 17 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.0.1-1mdv2011.0 + Revision: 554637 - new version - add explicit conflict with other telnet implementations * Wed Apr 28 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.0-4mdv2010.1 + Revision: 540209 - add telnet-server and telnet-client virtual packages * Wed Apr 28 2010 Götz Waschk <waschk@mandriva.org> 1.0-3mdv2010.1 + Revision: 540180 - provide telnet as well * Tue Apr 27 2010 Götz Waschk <waschk@mandriva.org> 1.0-2mdv2010.1 + Revision: 539882 - provide obsoleted packages as well * Tue Apr 27 2010 Guillaume Rousse <guillomovitch@mandriva.org> 1.0-1mdv2010.1 + Revision: 539849 - import krb5-appl