%define name krb5
%define version 1.6.3
%define rel 6
%define release %mkrel %rel
%define major 3
%define libname %mklibname %name %major
# enable checking after compile
%define enable_check 0
%{?_with_check: %global %enable_check 1}
%define with_krb4 0
Summary: The Kerberos network authentication system
Name: %{name}
Version: %{version}
Release: %{release}
# from http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar
Source0: %{name}-%{version}.tar.gz
Source1: kpropd.init
Source2: krb524d.init
Source3: kadmind.init
Source4: krb5kdc.init
Source5: krb5.conf
Source6: krb5.sh
Source7: krb5.csh
Source8: kdcrotate
Source9: kdc.conf
Source10: kadm5.acl
Source11: krsh
Source12: krlogin
Source13: eklogin.xinetd
Source14: klogin.xinetd
Source15: kshell.xinetd
Source16: telnet-krb5.xinetd
Source17: ftp-krb5.xinetd
Source18: krb5server.init
Source19: statglue.c
Source20: telnet.16.xpm
Source21: telnet.32.xpm
Source22: telnet.48.xpm
Source23: Mandriva-Kerberos-HOWTO.html
Source24: %{name}-%{version}.tar.gz.asc
Source25: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz
Source26: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.sig
Source27: krb5-ldap.conf.sample
Source28: usr.bin.telnet.apparmor
Patch0: krb5-1.2.2-telnetbanner.patch
Patch1: krb5-1.2.5-biarch-utmp.patch
Patch4: krb5-1.3-no-rpath.patch
# stolen from fedora
Patch6: krb5-1.3-large-file.patch
Patch7: krb5-1.5.1-ksu-path.patch
Patch8: krb5-1.3-ksu-access.patch
Patch9: krb5-1.3-pass-by-address.patch
Patch10: krb5-1.3-netkit-rsh.patch
Patch13: krb5-1.3-ftp-glob.patch
Patch19: krb5-1.3.3-rcp-sendlarge.patch
# (gb) preserve file names when generating files from *.et (multiarch fixes)
Patch23: krb5-1.3.6-et-preserve-file-names.patch
# http://qa.mandriva.com/show_bug.cgi?id=9410
Patch24: krb5-1.4.1-ftplfs.patch
Patch25: krb5-1.6.1-rh-CVE-2007-5901.patch
Patch26: krb5-1.6.1-rh-CVE-2007-5971.patch
Patch27: krb5-1.6.1-rh-CVE-2008-0062_0063.patch
Patch28: krb5-1.6.1-rh-CVE-2008-0947.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
Group: System/Libraries
# we moved some files from the lib package to this one, see
# http://qa.mandriva.com/show_bug.cgi?id=32580
Conflicts: %{libname} <= 1.6.2-4mdv2008.0
# (anssi) biarch conflicts as well:
Conflicts: libkrb53 <= 1.6.2-4mdv2008.0
Requires(pre): info-install
Requires: info-install
BuildRequires: bison flex termcap-devel texinfo e2fsprogs-devel
BuildRequires: tcl tcl-devel chrpath
%if %enable_check
BuildRequires: dejagnu
%endif
BuildRequires: multiarch-utils >= 1.0.3
BuildRequires: openldap-devel
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords.
%package -n %{libname}-devel
Summary: Development files needed for compiling Kerberos 5 programs
Group: Development/Other
Requires: %{libname} = %{version}
Provides: krb-devel = %{version}-%{release}
Provides: krb5-devel = %{version}-%{release}
Provides: libkrb-devel
Obsoletes: krb-devel
Obsoletes: krb5-devel
Obsoletes: libkrb51-devel
%description -n %{libname}-devel
Kerberos is a network authentication system. The krb5-devel package
contains the header files and libraries needed for compiling Kerberos
5 programs. If you want to develop Kerberos-aware programs, you'll
need to install this package.
%package -n %{libname}
Summary: The shared libraries used by Kerberos 5
Group: System/Libraries
Provides: krb5-libs = %{version}-%{release}
Obsoletes: krb5-libs
Obsoletes: libkrb51
# we need the conf file, and better make sure it's a recent version
# for example, previous MIT kerberos versions didn't have ldap support,
# and this is specified in the conf file
Requires: %{name} >= %{version}
%description -n %{libname}
Kerberos is a network authentication system. The krb5-libs package
contains the shared libraries needed by Kerberos 5. If you're using
Kerberos, you'll need to install this package.
%package server
Group: System/Servers
Summary: The server programs for Kerberos 5
Requires: %{libname} = %{version}-%{release}
Requires: %{name}-workstation = %{version}-%{release}
Requires: words
Requires(pre): info-install
Requires: info-install
%description server
Kerberos is a network authentication system. The krb5-server package
contains the programs that must be installed on a Kerberos 5 server.
If you're installing a Kerberos 5 server, you need to install this
package (in other words, most people should NOT install this
package).
%package workstation
Summary: Kerberos 5 programs for use on workstations
Group: System/Base
Requires: %{libname} = %{version}-%{release}
Requires(pre): info-install
Requires: info-install
Provides: kerberos-workstation
Conflicts: rsh <= 0.17-12mdk
%description workstation
Kerberos is a network authentication system. The krb5-workstation
package contains the basic Kerberos programs (kinit, klist, kdestroy,
kpasswd). If your network uses Kerberos, this package should be installed
on every workstation.
%package -n telnet-server-krb5
Summary: A telnet-server with kerberos support
Group: Networking/Remote access
Requires: %{libname} = %{version}-%{release}
Requires: xinetd
Obsoletes: telnet-server
Provides: telnet-server
%description -n telnet-server-krb5
Telnet is a popular protocol for logging into remote systems over the Internet.
The telnet-server package provides a telnet daemon, which will support remote
logins into the host machine. The telnet daemon is enabled by default. You may
disable the telnet daemon by editing /etc/inetd.conf.
Install the telnet-server package if you want to support remote logins to your
machine.
This version supports kerberos authentication.
%package -n telnet-client-krb5
Summary: A telnet-client with kerberos support
Group: Networking/Remote access
Requires: %{libname} = %{version}-%{release}
Obsoletes: telnet
Provides: telnet
%description -n telnet-client-krb5
Telnet is a popular protocol for logging into remote systems over the Internet.
The telnet package provides a command line telnet client.
Install the telnet package if you want to telnet to remote machines.
This version supports kerberos authentication.
%package -n ftp-client-krb5
Summary: A ftp-client with kerberos support
Group: Networking/File transfer
Requires: %{libname} = %{version}
Obsoletes: ftp
Provides: ftp
%description -n ftp-client-krb5
The ftp package provides the standard UNIX command-line FTP client.
FTP is the file transfer protocol, which is a widely used Internet
protocol for transferring files and for archiving files.
If your system is on a network, you should install ftp in order to do
file transfers.
This version supports kerberos authentication.
%package -n ftp-server-krb5
Summary: A ftp-server with kerberos support
Group: Networking/File transfer
Requires: %{libname} = %{version}
Provides: ftpserver
%description -n ftp-server-krb5
The ftp-server package provides an ftp server.
This version supports kerberos authentication.
%prep
%setup -q -a 25
%patch0 -p1 -b .banner
%patch1 -p1 -b .biarch-utmp
%patch4 -p1 -b .no-rpath
%patch6 -p1 -b .large-file
%patch7 -p1 -b .ksu-path
%patch8 -p1 -b .ksu-access
%patch9 -p1 -b .pass-by-address
%patch10 -p1 -b .netkit-rsh
%patch13 -p1 -b .ftp-glob
%patch19 -p1 -b .rcp-sendlarge
%patch23 -p1 -b .et-preserve-file-names
%patch24 -p1 -b .lfs
%patch25 -p0 -b .cve-2007-5901
%patch26 -p0 -b .cve-2007-5971
%patch27 -p0 -b .cve-2008-0062_0063
%patch28 -p0 -b .cve-2008-0947
# krb5-ldap.conf.sample
install -m 0644 %{SOURCE27} .
find . -type f -name "*.fixinfo" -exec rm -fv "{}" ";"
gzip doc/*.ps
find -name "*\.h" | xargs perl -p -i -e "s|\<com_err|\<et/com_err|";
find -name "*\.h" | xargs perl -p -i -e "s|\"com_err|\"et/com_err|";
%build
%serverbuild
export CFLAGS="$CFLAGS -I/usr/include/et"
find . -name "*.[ch]"|xargs grep -r -l "^extern int errno;" * | xargs perl -p -i -e "s|^extern int errno;|#include <errno.h>|"
find . -name "*.[ch]"|xargs grep -r -l "extern int errno;" * | xargs perl -p -i -e "s|^extern int errno;||"
cd src
%{?__cputoolize: %{__cputoolize} -c config}
DEFINES="-D_FILE_OFFSET_BITS=64" ; export DEFINES
# don't use %%configure, it expands wrongly for some reason
./configure \
--prefix=%{_prefix} \
--sysconfdir=%{_sysconfdir} \
--infodir=%{_infodir} \
--mandir=%{_mandir} \
--localstatedir=%{_sysconfdir}/kerberos \
%if %{with_krb4}
--with-krb4 \
%else
--without-krb4 \
%endif
--enable-dns-for-realm \
--with-tcl=%{_prefix} \
--with-system-et \
--with-system-ss \
--libexecdir=%{_libdir} \
--libdir=%{_libdir} \
--enable-shared \
--disable-static \
--with-ldap
%make
# Run the test suite. Won't run in the build system because /dev/pts is
# not available for telnet tests and so on.
# make check TMPDIR=%{_tmppath}
%install
rm -rf %{buildroot}
pushd src
%makeinstall_std
popd
# Our shell scripts.
install -d %{buildroot}%{_bindir}
install -m 0755 %{SOURCE11} %{buildroot}%{_bindir}/krsh
install -m 0755 %{SOURCE12} %{buildroot}%{_bindir}/krlogin
# Extra headers.
install -d %{buildroot}%{_includedir}
pushd src/include
find kadm5 krb5 gssrpc gssapi -name "*.h" | cpio -pdm %{buildroot}%{_includedir}
popd
perl -pi -e 's#k5-int#krb5/kdb#g' %{buildroot}%{_includedir}/kadm5/admin.h
find %{buildroot}%{_includedir} -type d | xargs chmod 755
find %{buildroot}%{_includedir} -type f | xargs chmod 644
# logdir
install -d %{buildroot}/var/log/kerberos
# Info docs.
install -d %{buildroot}%{_infodir}
install -m 644 doc/*.info* %{buildroot}%{_infodir}/
%if ! %{with_krb4}
rm -f %{buildroot}%{_infodir}/krb425.info*
%endif
# KDC config files.
install -d %{buildroot}%{_sysconfdir}/kerberos/krb5kdc
install -m 0644 %{SOURCE9} %{buildroot}%{_sysconfdir}/kerberos/krb5kdc/kdc.conf
install -m 0600 %{SOURCE10} %{buildroot}%{_sysconfdir}/kerberos/krb5kdc/kadm5.acl
# Client config files and scripts.
install -d %{buildroot}/etc/profile.d
install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/krb5.conf
install -m 0755 %{SOURCE6} %{buildroot}%{_sysconfdir}/profile.d/krb5.sh
install -m 0755 %{SOURCE7} %{buildroot}%{_sysconfdir}/profile.d/krb5.csh
# KDC init script.
install -d %{buildroot}%{_initrddir}
install -d %{buildroot}%{_sbindir}
install -m 0755 %{SOURCE4} %{buildroot}%{_initrddir}/krb5kdc
install -m 0755 %{SOURCE3} %{buildroot}%{_initrddir}/kadmin
install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/kprop
%if %{with_krb4}
install -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/krb524
%endif
install -m 0755 %{SOURCE8} %{buildroot}%{_sbindir}/kdcrotate
install -m 0755 %{SOURCE18} %{buildroot}%{_initrddir}/krb5server
# fix some permissions
chmod 755 %{buildroot}%{_libdir}/*.so*
find %{buildroot}%{_includedir} -type d | xargs chmod 755
find %{buildroot}%{_includedir} -type f | xargs chmod 644
# Xinetd configuration files.
install -d %{buildroot}%{_sysconfdir}/xinetd.d/
install -m 0644 %{SOURCE16} %{buildroot}%{_sysconfdir}/xinetd.d/telnet
install -m 0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/xinetd.d/ftp
install -m 0644 %{SOURCE23} doc/Mandrake-Kerberos-HOWTO.html
# Rename rsh, rlogin and rcp to not conflict with those provided by netkit
for i in rcp rlogin rsh; do
mv %{buildroot}%{_bindir}/$i %{buildroot}%{_bindir}/$i.krb5
mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/$i.krb5.1
done
# dump un-FHS examples location (files included in doc list now)
rm -Rf %{buildroot}/%{_datadir}/examples
# multiarch policy
%multiarch_binaries %{buildroot}%{_bindir}/krb5-config
%multiarch_includes %{buildroot}%{_includedir}/gssapi/gssapi.h
# (gb) this one could be fixed differently and properly using <stdint.h>
%multiarch_includes %{buildroot}%{_includedir}/gssrpc/types.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/k5-config.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/autoconf.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/osconf.h
%multiarch_includes %{buildroot}%{_includedir}/krb5.h
%if ! %{with_krb4}
rm -rf %{buildroot}%{_includedir}/kerberosIV
%endif
# install missing manpage
mkdir -p %{buildroot}%{_mandir}/man8
install -m 0644 src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M \
%{buildroot}%{_mandir}/man8/kdb5_ldap_util.8
# apparmor profile(s)
mkdir -p %{buildroot}%{_sysconfdir}/apparmor.d
install -m 0644 %{SOURCE28} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.telnet
%if %mdkversion < 200900
%post -n %{libname} -p /sbin/ldconfig
%endif
%if %mdkversion < 200900
%postun -n %{libname} -p /sbin/ldconfig
%endif
%post server
# Remove the init script for older servers.
[ -x /etc/rc.d/init.d/krb5server ] && /sbin/chkconfig --del krb5server
# Install the new ones.
/sbin/chkconfig --add krb5kdc
/sbin/chkconfig --add kadmin
%if %{with_krb4}
/sbin/chkconfig --add krb524
%_install_info krb425.info
%endif
/sbin/chkconfig --add kprop
%_install_info krb5-admin.info
%_install_info krb5-install.info
%preun server
if [ "$1" = "0" ] ; then
/sbin/chkconfig --del krb5kdc
/sbin/chkconfig --del kadmin
%if %{with_krb4}
/sbin/chkconfig --del krb524
/sbin/service krb524 stop > /dev/null 2>&1 || :
%endif
/sbin/chkconfig --del kprop
/sbin/service krb5kdc stop > /dev/null 2>&1 || :
/sbin/service kadmin stop > /dev/null 2>&1 || :
/sbin/service kprop stop > /dev/null 2>&1 || :
fi
%if %{with_krb4}
%_remove_install_info krb425.info
%endif
%_remove_install_info krb5-admin.info
%_remove_install_info krb5-install.info
%postun server
if [ "$1" -ge 1 ] ; then
/sbin/service krb5kdc condrestart > /dev/null 2>&1 || :
%if %{with_krb4}
/sbin/service krb524 condrestart > /dev/null 2>&1 || :
%endif
/sbin/service kadmin condrestart > /dev/null 2>&1 || :
/sbin/service kprop condrestart > /dev/null 2>&1 || :
fi
%post workstation
%_install_info krb5-user.info
/sbin/service xinetd reload > /dev/null 2>&1 || :
%{_sbindir}/update-alternatives \
--install %{_bindir}/rcp rcp %{_bindir}/rcp.krb5 20 \
--slave %{_mandir}/man1/rcp.1%{_extension} man-rcp %{_mandir}/man1/rcp.krb5.1%{_extension}
%{_sbindir}/update-alternatives \
--install %{_bindir}/rlogin rlogin %{_bindir}/rlogin.krb5 20 \
--slave %{_mandir}/man1/rlogin.1%{_extension} man-rlogin %{_mandir}/man1/rlogin.krb5.1%{_extension}
%{_sbindir}/update-alternatives \
--install %{_bindir}/rsh rsh %{_bindir}/rsh.krb5 20 \
--slave %{_mandir}/man1/rsh.1%{_extension} man-rsh %{_mandir}/man1/rsh.krb5.1%{_extension}
%preun workstation
%_remove_install_info krb5-user.info
if [ $1 -eq 0 ]; then
%{_sbindir}/update-alternatives --remove rcp %{_bindir}/rcp.krb5
%{_sbindir}/update-alternatives --remove rlogin %{_bindir}/rlogin.krb5
%{_sbindir}/update-alternatives --remove rsh %{_bindir}/rsh.krb5
fi
%postun workstation
/sbin/service xinetd reload > /dev/null 2>&1 || :
%triggerpostun workstation -- %{name}-workstation <= 1.3-4mdk
if [ ! -f %{_bindir}/rcp ]; then
%{_sbindir}/update-alternatives \
--install %{_bindir}/rcp rcp %{_bindir}/rcp.krb5 20 \
--slave %{_mandir}/man1/rcp.1%{_extension} man-rcp %{_mandir}/man1/rcp.krb5.1%{_extension}
%{_sbindir}/update-alternatives \
--install %{_bindir}/rlogin rlogin %{_bindir}/rlogin.krb5 20 \
--slave %{_mandir}/man1/rlogin.1%{_extension} man-rlogin %{_mandir}/man1/rlogin.krb5.1%{_extension}
%{_sbindir}/update-alternatives \
--install %{_bindir}/rsh rsh %{_bindir}/rsh.krb5 20 \
--slave %{_mandir}/man1/rsh.1%{_extension} man-rsh %{_mandir}/man1/rsh.krb5.1%{_extension}
fi
%post -n telnet-server-krb5
/sbin/service xinetd reload > /dev/null 2>&1 || :
ln -sf /bin/login /usr/sbin/login.krb5
file="/etc/xinetd.d/telnet"
if [ ! -f $file ] ; then
echo "Can't find xinetd file for telnet."
exit 0
fi
perl -pi -e "s|/usr/sbin/in\.telnetd|/usr/sbin/telnetd|g" $file
# We already have the required flags (-a <some_auth_mode>)
cat $file|egrep -q "server_args.*=.*-a[[:space:]]+.*$" && exit 0
# Don't have -a <some_auth_mode>, check if we have server_args or not
cat $file|egrep -q "server_args.*=.*$" && \
perl -pi -e "s|(server_args.*=.*$)|\1\ -a\ none|" $file && exit 0
# Say, no server_args in xinetd file.
perl -pi -e "s|(server.*=.*/usr/sbin/telnetd.*$)|\1\n\tserver_args\t=\ -a\ none|" $file && exit 0
%postun -n telnet-server-krb5
/sbin/service xinetd reload > /dev/null 2>&1 || :
%post -n ftp-server-krb5
/sbin/service xinetd reload > /dev/null 2>&1 || :
ln -sf /bin/login /usr/sbin/login.krb5
file="/etc/xinetd.d/ftp"
if [ ! -f $file ] ; then
echo "Can't find xinetd file for ftp."
exit 0
fi
%postun -n ftp-server-krb5
/sbin/service xinetd reload > /dev/null 2>&1 || :
%posttrans -n telnet-client-krb5
# if we have apparmor installed, reload if it's being used
if [ -x /sbin/apparmor_parser ]; then
/sbin/service apparmor condreload
fi
%clean
rm -rf %{buildroot}
%files
%defattr(-,root,root)
%doc README
%config(noreplace) %{_sysconfdir}/krb5.conf
%dir %{_sysconfdir}/kerberos
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%files workstation
%defattr(-,root,root)
%attr(0755,root,root) %config(noreplace) /etc/profile.d/krb5.sh
%attr(0755,root,root) %config(noreplace) /etc/profile.d/krb5.csh
%doc doc/*.html doc/user*.ps.gz src/config-files/services.append
%doc src/config-files/krb5.conf
%attr(0755,root,root) %doc src/config-files/convert-config-files
%{_infodir}/krb5-user.info*
%{_bindir}/gss-client
%{_bindir}/kdestroy
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kerberos.1*
%{_bindir}/kinit
%{_mandir}/man1/kinit.1*
%{_bindir}/klist
%{_mandir}/man1/klist.1*
%{_bindir}/kpasswd
%{_mandir}/man1/kpasswd.1*
%if %{with_krb4}
%{_bindir}/krb524init
%attr(0755,root,root) %{_bindir}/v4rcp
%{_mandir}/man1/v4rcp.1*
%endif
%{_sbindir}/kadmin
%{_mandir}/man8/kadmin.8*
%{_sbindir}/ktutil
%{_mandir}/man8/ktutil.8*
%attr(0755,root,root) %{_bindir}/ksu
%{_mandir}/man1/ksu.1*
%{_bindir}/kvno
%{_mandir}/man1/kvno.1*
%{_bindir}/rcp.krb5
%{_mandir}/man1/rcp.krb5.1*
%attr(0755,root,root) %{_bindir}/krlogin
%{_bindir}/rlogin.krb5
%{_mandir}/man1/rlogin.krb5.1*
%attr(0755,root,root) %{_bindir}/krsh
%{_bindir}/rsh.krb5
%{_mandir}/man1/rsh.krb5.1*
%{_mandir}/man1/tmac.doc*
#%{_bindir}/v5passwd
#%{_mandir}/man1/v5passwd.1*
%{_bindir}/sim_client
%{_bindir}/uuclient
%{_sbindir}/login.krb5
%{_mandir}/man8/login.krb5.8*
%{_sbindir}/gss-server
%{_sbindir}/klogind
%{_mandir}/man8/klogind.8*
%{_sbindir}/krb5-send-pr
%{_mandir}/man1/krb5-send-pr.1*
%{_sbindir}/kshd
%{_mandir}/man8/kshd.8*
%{_sbindir}/uuserver
%{_mandir}/man5/.k5login.5*
%{_mandir}/man5/krb5.conf.5*
%files server
%defattr(-,root,root)
%attr(0755,root,root) %{_initrddir}/krb5kdc
%attr(0755,root,root) %{_initrddir}/kadmin
%if %{with_krb4}
%attr(0755,root,root) %{_initrddir}/krb524
%endif
%attr(0755,root,root) %{_initrddir}/kprop
%attr(0755,root,root) %{_initrddir}/krb5server
%doc doc/admin*.ps.gz doc/*html
%doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
%if %{with_krb4}
%doc doc/krb425*.ps.gz
%{_infodir}/krb425.info*
%endif
%doc krb5-ldap.conf.sample
%doc doc/install*.ps.gz
%doc src/config-files/kdc.conf
%{_infodir}/krb5-admin.info*
%{_infodir}/krb5-install.info*
%dir /var/log/kerberos
%dir %{_sysconfdir}/kerberos/krb5kdc
%config(noreplace) %{_sysconfdir}/kerberos/krb5kdc/kdc.conf
%config(noreplace) %{_sysconfdir}/kerberos/krb5kdc/kadm5.acl
%{_mandir}/man5/kdc.conf.5*
%{_sbindir}/kadmin.local
%{_mandir}/man8/kadmin.local.8*
%{_sbindir}/kadmind
%{_mandir}/man8/kadmind.8*
#%{_sbindir}/kadmind4
%{_sbindir}/kdb5_util
%{_mandir}/man8/kdb5_util.8*
%{_sbindir}/kdb5_ldap_util
%{_mandir}/man8/kdb5_ldap_util.8*
%{_sbindir}/kprop
%{_mandir}/man8/kprop.8*
%{_sbindir}/kpropd
%{_mandir}/man8/kpropd.8*
%if %{with_krb4}
%{_sbindir}/krb524d
%{_mandir}/man8/krb524d.8*
%endif
%{_sbindir}/krb5kdc
%{_mandir}/man8/k5srvutil.8*
%{_sbindir}/k5srvutil
%{_mandir}/man8/krb5kdc.8*
%{_sbindir}/sim_server
#%{_sbindir}/v5passwdd
# This is here for people who want to test their server, and also
# included in devel package for similar reasons.
%{_bindir}/sclient
%{_mandir}/man1/sclient.1*
%{_sbindir}/sserver
%{_mandir}/man8/sserver.8*
%attr(0755,root,root) %{_sbindir}/kdcrotate
%{_datadir}/gnats/mit
%dir %{_libdir}/krb5/plugins/kdb
%{_libdir}/krb5/plugins/kdb/db2.so
%{_libdir}/krb5/plugins/kdb/kldap.so
%{_libdir}/krb5/plugins/preauth/pkinit.so
%files -n %{libname}
%defattr(-,root,root)
%{_libdir}/lib*.so.*
%files -n %{libname}-devel
%defattr(-,root,root)
%doc doc/api
%doc doc/implement
%doc doc/kadm5
%doc doc/kadmin
%doc doc/krb5-protocol
%doc doc/rpc
%multiarch %{multiarch_bindir}/krb5-config
%multiarch %{multiarch_includedir}/gssapi/gssapi.h
%multiarch %{multiarch_includedir}/gssrpc/types.h
# multiarch %{multiarch_includedir}/krb5/k5-config.h
#multiarch %{multiarch_includedir}/krb5/autoconf.h
#multiarch %{multiarch_includedir}/krb5/osconf.h
%multiarch %{multiarch_includedir}/krb5.h
%{_includedir}/*
%{_bindir}/krb5-config
%{_libdir}/lib*.so
%{_bindir}/sclient
%{_mandir}/man1/sclient.1*
%{_sbindir}/sserver
%{_mandir}/man8/sserver.8*
%{_mandir}/man1/krb5-config.1*
%files -n telnet-server-krb5
%defattr(-,root,root)
%config(noreplace) /etc/xinetd.d/telnet
%{_sbindir}/telnetd
%{_mandir}/man8/telnetd.8*
%files -n telnet-client-krb5
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/apparmor.d/usr.bin.telnet
%{_bindir}/telnet
%{_mandir}/man1/telnet.1*
%files -n ftp-client-krb5
%defattr(-,root,root)
%{_bindir}/ftp
%{_mandir}/man1/ftp.1*
%files -n ftp-server-krb5
%defattr(-,root,root)
%config(noreplace) /etc/xinetd.d/ftp
%{_sbindir}/ftpd
%{_mandir}/man8/ftpd.8*
%changelog
* Mon Jun 09 2008 Pixel <pixel@mandriva.com> 1.6.3-6mdv2009.0
+ Revision: 217188
- do not call ldconfig in %%post/%%postun, it is now handled by filetriggers
* Wed Mar 26 2008 Gustavo De Nardin <gustavodn@mandriva.com> 1.6.3-6mdv2008.1
+ Revision: 190506
- fixed alternatives manpages extension
* Tue Mar 25 2008 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-5mdv2008.1
+ Revision: 189926
- P25: security fix for CVE-2007-5901
- P26: security fix for CVE-2007-5971
- P27: security fix for CVE-2008-0062 and CVE-2008-0063
- P28: security fix for CVE-2008-0947
* Fri Feb 29 2008 Andreas Hasenack <andreas@mandriva.com> 1.6.3-4mdv2008.1
+ Revision: 176811
- removed last instance of MANDRAKESOFT name
- include apparmor profile for /usr/bin/telnet
* Mon Jan 07 2008 Andreas Hasenack <andreas@mandriva.com> 1.6.3-3mdv2008.1
+ Revision: 146343
- unrestrict the libkrb53 requires on krb5 as per pixel's email
+ Funda Wang <fundawang@mandriva.org>
- fix man page extension
* Fri Dec 21 2007 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-2mdv2008.1
+ Revision: 136088
- fix krb5-devel <-> openldap-devel cross linkage (take one)
+ Thierry Vignaud <tvignaud@mandriva.com>
- kill re-definition of %%buildroot on Pixel's request
* Tue Oct 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.3-1mdv2008.1
+ Revision: 101520
- updated to version 1.6.3
- removed 2007-006 security patch, already applied
* Sun Sep 30 2007 Anssi Hannula <anssi@mandriva.org> 1.6.2-7mdv2008.0
+ Revision: 94040
- add a conflict on old 32bit libkrb53 into 64bit krb5 to ensure smooth
upgrade on biarch systems
* Wed Sep 26 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-6mdv2008.0
+ Revision: 93160
- remove historical options from krb5.conf, relying more on defaults
* Wed Sep 19 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-5mdv2008.0
+ Revision: 90816
- make library package only provide the libs themselves and
not any other file (#32580)
* Tue Sep 18 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.6.2-4mdv2008.0
+ Revision: 89826
- rebuild
* Tue Sep 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-3mdv2008.0
+ Revision: 84549
- security patch for CVE-2007-3999 and CVE-2007-4000 (#33193)
* Thu Aug 23 2007 Thierry Vignaud <tvignaud@mandriva.com> 1.6.2-2mdv2008.0
+ Revision: 70294
- kill file require on info-install
* Wed Jul 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-1mdv2008.0
+ Revision: 51241
- updated to 1.6.2
- dropped patches that were already applied
* Tue Jun 26 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-5mdv2008.0
+ Revision: 44629
- added security patches from advisories MITKRB5-SA-2007-004 and
MITKRB5-SA-2007-005 (CVE-2007-2442, CVE-2007-2443 and CVE-2007-2798)
- rebuild with new serverbuild macro, enabling -fstack-protector-all
* Fri Jun 22 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-4mdv2008.0
+ Revision: 43231
- using serverbuild macro
+ Herton Ronaldo Krzesinski <herton@mandriva.com.br>
- Added patch ftp_remove_printf_debug, to remove uneeded debug
information of ftp client from ftp-client-krb5 package.
Closes: #30467.
* Mon Apr 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-2mdv2008.0
+ Revision: 17357
- oops, accidentally removed a previous change by Guillaume, fixed
* Mon Apr 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-1mdv2008.0
+ Revision: 17353
- updated to version 1.6.1, dropping security patches which were already applied
* Sat Apr 21 2007 Andreas Hasenack <andreas@mandriva.com> 1.6-3mdv2008.0
+ Revision: 16432
- updated to version 1.6
- enabled LDAP backend
- added security patches for CVE-2007-0956, CVE-2007-0957
and CVE-2007-1216
- fix segfault on password change
- make main initscripts cope with database in ldap
- added sample krb5.conf file for ldap usage
- setting sysconfdir in configure to avoid a lookup
in /usr/etc instead of /etc at runtime
- major cleanup in spec file (basically, trusting upstream a bit more)
- return proper exit codes in the initscripts
- don't provide old names anymore
- disabled ftp and telnet servers (via xinetd) by default
- html doc
- rename html supplied doc
- use example.com domain and realm in the html supplied doc
* Fri Apr 20 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-7mdv2008.0
+ Revision: 16419
- use a better default realm for the acl file
- fix plugin path (#30349)
- making defaults more secure for ftp and telnetd server (vdanen)
* Thu Apr 05 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-6mdv2007.1
+ Revision: 150703
- applied security patches to fix vulnerabilities
(CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216)
* Tue Mar 13 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.5.2-5mdv2007.1
+ Revision: 142466
- make the workstation package provide kerberos-workstation virtual package
* Fri Feb 09 2007 Oden Eriksson <oeriksson@mandriva.com> 1.5.2-4mdv2007.1
+ Revision: 118433
- revert last change
* Thu Feb 08 2007 Oden Eriksson <oeriksson@mandriva.com> 1.5.2-3mdv2007.1
+ Revision: 117876
- added the /usr/include/krb5/kdb.h header, needed by php-kadm5
* Thu Jan 25 2007 mandrake <mandrake> 1.6-3mdv2007.1
+ Revision: 113280
* Thu Jan 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-1mdv2007.1
+ Revision: 107488
- updated to version 1.5.2
- removed security patches 2006-002 and 2006-003, already applied
in this version
* Tue Jan 09 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.1-2mdv2007.1
+ Revision: 106777
- added security patches for two new vulnerabilities
(2006-002 and 2006-003)
* Thu Nov 30 2006 Andreas Hasenack <andreas@mandriva.com> 1.5.1-1mdv2007.1
+ Revision: 89342
- updated to version 1.5.1
- dropped patches that were no longer being applied
- updated some patches, removed others (will keep cleaning this up)
* Mon Nov 06 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.4-1mdv2007.1
+ Revision: 77019
- updated to version 1.4.4
- removed security patch (already applied)
* Tue Oct 10 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-7mdv2007.0
+ Revision: 63201
- bumped release
- added LSB info to initscripts (#26356)
- bunzip some files
* Tue Aug 22 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-6mdv2007.0
+ Revision: 56977
- updated security patch for MIT krb5 Security Advisory 2006-001
* Thu Aug 10 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-5mdv2007.0
+ Revision: 54880
- bump release
- added patch for MITKRB5-SA-2006-001-setuid vulnerability
- import krb5-1.4.3-4mdv2007.0
* Wed Jun 07 2006 Per Øyvind Karlsen <pkarlsen@mandriva.com> 1.4.3-4mdv2007.0
- rebuild properly when pthread_mutexattr_setrobust_np() is defined but not
declared, such as with recent glibc when _GNU_SOURCE isn't being used (P25 from fedora)
* Tue Mar 07 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-3mdk
- fixed kpropd initscript (Closes: #21491)
* Wed Jan 04 2006 Oden Eriksson <oeriksson@mandriva.com> 1.4.3-2mdk
- fix deps
* Mon Nov 21 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.3-1mdk
- updated to version 1.4.3
- Prereq -> Requires(foo)
* Thu Aug 18 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.2-1mdk
- updated to version 1.4.2
- removed MITKRB5-SA-2005-002 security patch, already applied
- removed MITKRB5-SA-2005-003 security patch, already applied
* Fri Aug 05 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-7mdk
- fixed init script to only call krb524 if it exists (#17213)
* Wed Jul 13 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-6mdk
- added security patches from MITKRB5-SA-2005-002 and MITKRB5-SA-2005-003
(CAN-2005-1174, CAN-2005-1175 and CAN-2005-1689)
* Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-5mdk
- same (lfs patch) for ftp server
* Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-4mdk
- patch for LFS in the ftp client
* Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-3mdk
- using EXAMPLE.COM in default configuration file
* Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-2mdk
- conditionally build krb4 support (disabled by default)
- removed empty %%post{,un} sections
- removed %%config tag from init scripts
- fixed profile scripts permissions
- using correct ./configure option to enable dns realm lookup
* Thu Jun 09 2005 Buchan Milne <bgmilne@linux-mandrake.com> 1.4.1-1mdk
- 1.4.1
- drop p11 (conflict), p24 (upstream) and p25 (conflict,unnecessary)
- previous changes for 1.4:
- 1.4
- drop p2,p12 (conflict), p15 (upstream), p16 (some conflict, some upstream),
p17 (original source gone)
* Sat May 07 2005 Oden Eriksson <oeriksson@mandriva.com> 1.3.6-7mdk
- added one gcc4 patch (debian)
* Thu Apr 07 2005 Daouda LO <daouda@mandrakesoft.com> 1.3.6-6mdk
o Tue Mar 29 2005 Vincent Danen <vdanen@mandrakesoft.com> 1.3.4-2.2.101mdk
- security fix for CAN-2005-0468, CAN-2005-0469
* Thu Mar 10 2005 Stefan van der Eijk <stefan@eijk.nu> 1.3.6-5mdk
- reupload
* Mon Feb 28 2005 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 1.3.6-4mdk
- multiarch + also preserve file names when generating headers from *.h files
* Sat Feb 12 2005 Pascal Terjan <pterjan@mandrake.org> 1.3.6-3mdk
- fix patch 13 causing segfault in ftp
* Tue Feb 01 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 1.3.6-2mdk
- fix deps and
- fix no-reload-entry in the krb5server, krb524 and kprop init scripts
* Mon Jan 10 2005 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.6-1mdk
- 1.3.6
- don't use chrpath on static libraries
- summary-ended-with-dot
- macroize
* Fri Dec 03 2004 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.5-1mdk
- 1.3.5
- add P22 from fedora
- drop P20 & P21 (merged upstream)
* Sat Oct 09 2004 Vincent Danen <vdanen@mandrakesoft.com> 1.3.4-2mdk
- include security patches (P20, P21) for CAN-2004-0642, CAN-2004-0643,
CAN-2004-0644, CAN-2004-0772
* Sun Aug 08 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 1.3.4-1mdk
- 1.3.4
- added P19 (fedora)
- enable static devel libs
- misc spec file fixes
* Sat May 22 2004 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.3-4mdk
- fix buildrequires
- spec cosmetics
* Tue May 18 2004 Florin <florin@mandrakesoft.com> 1.3.3-3mdk
- ugly rpath fix (brr, I hate to do that :o) )
- strip _bindir binaries
* Wed May 12 2004 Florin <florin@mandrakesoft.com> 1.3.3-2mdk
- add the 5-18 patches
- fix the master-key entry in kdc.conf
* Mon May 10 2004 Florin <florin@mandrakesoft.com> 1.3.3-1mdk
- 1.3.3
- spec cleanups
