%define name krb5 %define version 1.6.3 %define rel 6 %define release %mkrel %rel %define major 3 %define libname %mklibname %name %major # enable checking after compile %define enable_check 0 %{?_with_check: %global %enable_check 1} %define with_krb4 0 Summary: The Kerberos network authentication system Name: %{name} Version: %{version} Release: %{release} # from http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar Source0: %{name}-%{version}.tar.gz Source1: kpropd.init Source2: krb524d.init Source3: kadmind.init Source4: krb5kdc.init Source5: krb5.conf Source6: krb5.sh Source7: krb5.csh Source8: kdcrotate Source9: kdc.conf Source10: kadm5.acl Source11: krsh Source12: krlogin Source13: eklogin.xinetd Source14: klogin.xinetd Source15: kshell.xinetd Source16: telnet-krb5.xinetd Source17: ftp-krb5.xinetd Source18: krb5server.init Source19: statglue.c Source20: telnet.16.xpm Source21: telnet.32.xpm Source22: telnet.48.xpm Source23: Mandriva-Kerberos-HOWTO.html Source24: %{name}-%{version}.tar.gz.asc Source25: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz Source26: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.sig Source27: krb5-ldap.conf.sample Source28: usr.bin.telnet.apparmor Patch0: krb5-1.2.2-telnetbanner.patch Patch1: krb5-1.2.5-biarch-utmp.patch Patch4: krb5-1.3-no-rpath.patch # stolen from fedora Patch6: krb5-1.3-large-file.patch Patch7: krb5-1.5.1-ksu-path.patch Patch8: krb5-1.3-ksu-access.patch Patch9: krb5-1.3-pass-by-address.patch Patch10: krb5-1.3-netkit-rsh.patch Patch13: krb5-1.3-ftp-glob.patch Patch19: krb5-1.3.3-rcp-sendlarge.patch # (gb) preserve file names when generating files from *.et (multiarch fixes) Patch23: krb5-1.3.6-et-preserve-file-names.patch # http://qa.mandriva.com/show_bug.cgi?id=9410 Patch24: krb5-1.4.1-ftplfs.patch Patch25: krb5-1.6.1-rh-CVE-2007-5901.patch Patch26: krb5-1.6.1-rh-CVE-2007-5971.patch Patch27: krb5-1.6.1-rh-CVE-2008-0062_0063.patch Patch28: krb5-1.6.1-rh-CVE-2008-0947.patch License: MIT URL: http://web.mit.edu/kerberos/www/ Group: System/Libraries # we moved some files from the lib package to this one, see # http://qa.mandriva.com/show_bug.cgi?id=32580 Conflicts: %{libname} <= 1.6.2-4mdv2008.0 # (anssi) biarch conflicts as well: Conflicts: libkrb53 <= 1.6.2-4mdv2008.0 Requires(pre): info-install Requires: info-install BuildRequires: bison flex termcap-devel texinfo e2fsprogs-devel BuildRequires: tcl tcl-devel chrpath %if %enable_check BuildRequires: dejagnu %endif BuildRequires: multiarch-utils >= 1.0.3 BuildRequires: openldap-devel Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. %package -n %{libname}-devel Summary: Development files needed for compiling Kerberos 5 programs Group: Development/Other Requires: %{libname} = %{version} Provides: krb-devel = %{version}-%{release} Provides: krb5-devel = %{version}-%{release} Provides: libkrb-devel Obsoletes: krb-devel Obsoletes: krb5-devel Obsoletes: libkrb51-devel %description -n %{libname}-devel Kerberos is a network authentication system. The krb5-devel package contains the header files and libraries needed for compiling Kerberos 5 programs. If you want to develop Kerberos-aware programs, you'll need to install this package. %package -n %{libname} Summary: The shared libraries used by Kerberos 5 Group: System/Libraries Provides: krb5-libs = %{version}-%{release} Obsoletes: krb5-libs Obsoletes: libkrb51 # we need the conf file, and better make sure it's a recent version # for example, previous MIT kerberos versions didn't have ldap support, # and this is specified in the conf file Requires: %{name} >= %{version} %description -n %{libname} Kerberos is a network authentication system. The krb5-libs package contains the shared libraries needed by Kerberos 5. If you're using Kerberos, you'll need to install this package. %package server Group: System/Servers Summary: The server programs for Kerberos 5 Requires: %{libname} = %{version}-%{release} Requires: %{name}-workstation = %{version}-%{release} Requires: words Requires(pre): info-install Requires: info-install %description server Kerberos is a network authentication system. The krb5-server package contains the programs that must be installed on a Kerberos 5 server. If you're installing a Kerberos 5 server, you need to install this package (in other words, most people should NOT install this package). %package workstation Summary: Kerberos 5 programs for use on workstations Group: System/Base Requires: %{libname} = %{version}-%{release} Requires(pre): info-install Requires: info-install Provides: kerberos-workstation Conflicts: rsh <= 0.17-12mdk %description workstation Kerberos is a network authentication system. The krb5-workstation package contains the basic Kerberos programs (kinit, klist, kdestroy, kpasswd). If your network uses Kerberos, this package should be installed on every workstation. %package -n telnet-server-krb5 Summary: A telnet-server with kerberos support Group: Networking/Remote access Requires: %{libname} = %{version}-%{release} Requires: xinetd Obsoletes: telnet-server Provides: telnet-server %description -n telnet-server-krb5 Telnet is a popular protocol for logging into remote systems over the Internet. The telnet-server package provides a telnet daemon, which will support remote logins into the host machine. The telnet daemon is enabled by default. You may disable the telnet daemon by editing /etc/inetd.conf. Install the telnet-server package if you want to support remote logins to your machine. This version supports kerberos authentication. %package -n telnet-client-krb5 Summary: A telnet-client with kerberos support Group: Networking/Remote access Requires: %{libname} = %{version}-%{release} Obsoletes: telnet Provides: telnet %description -n telnet-client-krb5 Telnet is a popular protocol for logging into remote systems over the Internet. The telnet package provides a command line telnet client. Install the telnet package if you want to telnet to remote machines. This version supports kerberos authentication. %package -n ftp-client-krb5 Summary: A ftp-client with kerberos support Group: Networking/File transfer Requires: %{libname} = %{version} Obsoletes: ftp Provides: ftp %description -n ftp-client-krb5 The ftp package provides the standard UNIX command-line FTP client. FTP is the file transfer protocol, which is a widely used Internet protocol for transferring files and for archiving files. If your system is on a network, you should install ftp in order to do file transfers. This version supports kerberos authentication. %package -n ftp-server-krb5 Summary: A ftp-server with kerberos support Group: Networking/File transfer Requires: %{libname} = %{version} Provides: ftpserver %description -n ftp-server-krb5 The ftp-server package provides an ftp server. This version supports kerberos authentication. %prep %setup -q -a 25 %patch0 -p1 -b .banner %patch1 -p1 -b .biarch-utmp %patch4 -p1 -b .no-rpath %patch6 -p1 -b .large-file %patch7 -p1 -b .ksu-path %patch8 -p1 -b .ksu-access %patch9 -p1 -b .pass-by-address %patch10 -p1 -b .netkit-rsh %patch13 -p1 -b .ftp-glob %patch19 -p1 -b .rcp-sendlarge %patch23 -p1 -b .et-preserve-file-names %patch24 -p1 -b .lfs %patch25 -p0 -b .cve-2007-5901 %patch26 -p0 -b .cve-2007-5971 %patch27 -p0 -b .cve-2008-0062_0063 %patch28 -p0 -b .cve-2008-0947 # krb5-ldap.conf.sample install -m 0644 %{SOURCE27} . find . -type f -name "*.fixinfo" -exec rm -fv "{}" ";" gzip doc/*.ps find -name "*\.h" | xargs perl -p -i -e "s|\<com_err|\<et/com_err|"; find -name "*\.h" | xargs perl -p -i -e "s|\"com_err|\"et/com_err|"; %build %serverbuild export CFLAGS="$CFLAGS -I/usr/include/et" find . -name "*.[ch]"|xargs grep -r -l "^extern int errno;" * | xargs perl -p -i -e "s|^extern int errno;|#include <errno.h>|" find . -name "*.[ch]"|xargs grep -r -l "extern int errno;" * | xargs perl -p -i -e "s|^extern int errno;||" cd src %{?__cputoolize: %{__cputoolize} -c config} DEFINES="-D_FILE_OFFSET_BITS=64" ; export DEFINES # don't use %%configure, it expands wrongly for some reason ./configure \ --prefix=%{_prefix} \ --sysconfdir=%{_sysconfdir} \ --infodir=%{_infodir} \ --mandir=%{_mandir} \ --localstatedir=%{_sysconfdir}/kerberos \ %if %{with_krb4} --with-krb4 \ %else --without-krb4 \ %endif --enable-dns-for-realm \ --with-tcl=%{_prefix} \ --with-system-et \ --with-system-ss \ --libexecdir=%{_libdir} \ --libdir=%{_libdir} \ --enable-shared \ --disable-static \ --with-ldap %make # Run the test suite. Won't run in the build system because /dev/pts is # not available for telnet tests and so on. # make check TMPDIR=%{_tmppath} %install rm -rf %{buildroot} pushd src %makeinstall_std popd # Our shell scripts. install -d %{buildroot}%{_bindir} install -m 0755 %{SOURCE11} %{buildroot}%{_bindir}/krsh install -m 0755 %{SOURCE12} %{buildroot}%{_bindir}/krlogin # Extra headers. install -d %{buildroot}%{_includedir} pushd src/include find kadm5 krb5 gssrpc gssapi -name "*.h" | cpio -pdm %{buildroot}%{_includedir} popd perl -pi -e 's#k5-int#krb5/kdb#g' %{buildroot}%{_includedir}/kadm5/admin.h find %{buildroot}%{_includedir} -type d | xargs chmod 755 find %{buildroot}%{_includedir} -type f | xargs chmod 644 # logdir install -d %{buildroot}/var/log/kerberos # Info docs. install -d %{buildroot}%{_infodir} install -m 644 doc/*.info* %{buildroot}%{_infodir}/ %if ! %{with_krb4} rm -f %{buildroot}%{_infodir}/krb425.info* %endif # KDC config files. install -d %{buildroot}%{_sysconfdir}/kerberos/krb5kdc install -m 0644 %{SOURCE9} %{buildroot}%{_sysconfdir}/kerberos/krb5kdc/kdc.conf install -m 0600 %{SOURCE10} %{buildroot}%{_sysconfdir}/kerberos/krb5kdc/kadm5.acl # Client config files and scripts. install -d %{buildroot}/etc/profile.d install -m 0644 %{SOURCE5} %{buildroot}%{_sysconfdir}/krb5.conf install -m 0755 %{SOURCE6} %{buildroot}%{_sysconfdir}/profile.d/krb5.sh install -m 0755 %{SOURCE7} %{buildroot}%{_sysconfdir}/profile.d/krb5.csh # KDC init script. install -d %{buildroot}%{_initrddir} install -d %{buildroot}%{_sbindir} install -m 0755 %{SOURCE4} %{buildroot}%{_initrddir}/krb5kdc install -m 0755 %{SOURCE3} %{buildroot}%{_initrddir}/kadmin install -m 0755 %{SOURCE1} %{buildroot}%{_initrddir}/kprop %if %{with_krb4} install -m 0755 %{SOURCE2} %{buildroot}%{_initrddir}/krb524 %endif install -m 0755 %{SOURCE8} %{buildroot}%{_sbindir}/kdcrotate install -m 0755 %{SOURCE18} %{buildroot}%{_initrddir}/krb5server # fix some permissions chmod 755 %{buildroot}%{_libdir}/*.so* find %{buildroot}%{_includedir} -type d | xargs chmod 755 find %{buildroot}%{_includedir} -type f | xargs chmod 644 # Xinetd configuration files. install -d %{buildroot}%{_sysconfdir}/xinetd.d/ install -m 0644 %{SOURCE16} %{buildroot}%{_sysconfdir}/xinetd.d/telnet install -m 0644 %{SOURCE17} %{buildroot}%{_sysconfdir}/xinetd.d/ftp install -m 0644 %{SOURCE23} doc/Mandrake-Kerberos-HOWTO.html # Rename rsh, rlogin and rcp to not conflict with those provided by netkit for i in rcp rlogin rsh; do mv %{buildroot}%{_bindir}/$i %{buildroot}%{_bindir}/$i.krb5 mv %{buildroot}%{_mandir}/man1/$i.1 %{buildroot}%{_mandir}/man1/$i.krb5.1 done # dump un-FHS examples location (files included in doc list now) rm -Rf %{buildroot}/%{_datadir}/examples # multiarch policy %multiarch_binaries %{buildroot}%{_bindir}/krb5-config %multiarch_includes %{buildroot}%{_includedir}/gssapi/gssapi.h # (gb) this one could be fixed differently and properly using <stdint.h> %multiarch_includes %{buildroot}%{_includedir}/gssrpc/types.h # multiarch_includes %{buildroot}%{_includedir}/krb5/k5-config.h # multiarch_includes %{buildroot}%{_includedir}/krb5/autoconf.h # multiarch_includes %{buildroot}%{_includedir}/krb5/osconf.h %multiarch_includes %{buildroot}%{_includedir}/krb5.h %if ! %{with_krb4} rm -rf %{buildroot}%{_includedir}/kerberosIV %endif # install missing manpage mkdir -p %{buildroot}%{_mandir}/man8 install -m 0644 src/plugins/kdb/ldap/ldap_util/kdb5_ldap_util.M \ %{buildroot}%{_mandir}/man8/kdb5_ldap_util.8 # apparmor profile(s) mkdir -p %{buildroot}%{_sysconfdir}/apparmor.d install -m 0644 %{SOURCE28} %{buildroot}%{_sysconfdir}/apparmor.d/usr.bin.telnet %if %mdkversion < 200900 %post -n %{libname} -p /sbin/ldconfig %endif %if %mdkversion < 200900 %postun -n %{libname} -p /sbin/ldconfig %endif %post server # Remove the init script for older servers. [ -x /etc/rc.d/init.d/krb5server ] && /sbin/chkconfig --del krb5server # Install the new ones. /sbin/chkconfig --add krb5kdc /sbin/chkconfig --add kadmin %if %{with_krb4} /sbin/chkconfig --add krb524 %_install_info krb425.info %endif /sbin/chkconfig --add kprop %_install_info krb5-admin.info %_install_info krb5-install.info %preun server if [ "$1" = "0" ] ; then /sbin/chkconfig --del krb5kdc /sbin/chkconfig --del kadmin %if %{with_krb4} /sbin/chkconfig --del krb524 /sbin/service krb524 stop > /dev/null 2>&1 || : %endif /sbin/chkconfig --del kprop /sbin/service krb5kdc stop > /dev/null 2>&1 || : /sbin/service kadmin stop > /dev/null 2>&1 || : /sbin/service kprop stop > /dev/null 2>&1 || : fi %if %{with_krb4} %_remove_install_info krb425.info %endif %_remove_install_info krb5-admin.info %_remove_install_info krb5-install.info %postun server if [ "$1" -ge 1 ] ; then /sbin/service krb5kdc condrestart > /dev/null 2>&1 || : %if %{with_krb4} /sbin/service krb524 condrestart > /dev/null 2>&1 || : %endif /sbin/service kadmin condrestart > /dev/null 2>&1 || : /sbin/service kprop condrestart > /dev/null 2>&1 || : fi %post workstation %_install_info krb5-user.info /sbin/service xinetd reload > /dev/null 2>&1 || : %{_sbindir}/update-alternatives \ --install %{_bindir}/rcp rcp %{_bindir}/rcp.krb5 20 \ --slave %{_mandir}/man1/rcp.1%{_extension} man-rcp %{_mandir}/man1/rcp.krb5.1%{_extension} %{_sbindir}/update-alternatives \ --install %{_bindir}/rlogin rlogin %{_bindir}/rlogin.krb5 20 \ --slave %{_mandir}/man1/rlogin.1%{_extension} man-rlogin %{_mandir}/man1/rlogin.krb5.1%{_extension} %{_sbindir}/update-alternatives \ --install %{_bindir}/rsh rsh %{_bindir}/rsh.krb5 20 \ --slave %{_mandir}/man1/rsh.1%{_extension} man-rsh %{_mandir}/man1/rsh.krb5.1%{_extension} %preun workstation %_remove_install_info krb5-user.info if [ $1 -eq 0 ]; then %{_sbindir}/update-alternatives --remove rcp %{_bindir}/rcp.krb5 %{_sbindir}/update-alternatives --remove rlogin %{_bindir}/rlogin.krb5 %{_sbindir}/update-alternatives --remove rsh %{_bindir}/rsh.krb5 fi %postun workstation /sbin/service xinetd reload > /dev/null 2>&1 || : %triggerpostun workstation -- %{name}-workstation <= 1.3-4mdk if [ ! -f %{_bindir}/rcp ]; then %{_sbindir}/update-alternatives \ --install %{_bindir}/rcp rcp %{_bindir}/rcp.krb5 20 \ --slave %{_mandir}/man1/rcp.1%{_extension} man-rcp %{_mandir}/man1/rcp.krb5.1%{_extension} %{_sbindir}/update-alternatives \ --install %{_bindir}/rlogin rlogin %{_bindir}/rlogin.krb5 20 \ --slave %{_mandir}/man1/rlogin.1%{_extension} man-rlogin %{_mandir}/man1/rlogin.krb5.1%{_extension} %{_sbindir}/update-alternatives \ --install %{_bindir}/rsh rsh %{_bindir}/rsh.krb5 20 \ --slave %{_mandir}/man1/rsh.1%{_extension} man-rsh %{_mandir}/man1/rsh.krb5.1%{_extension} fi %post -n telnet-server-krb5 /sbin/service xinetd reload > /dev/null 2>&1 || : ln -sf /bin/login /usr/sbin/login.krb5 file="/etc/xinetd.d/telnet" if [ ! -f $file ] ; then echo "Can't find xinetd file for telnet." exit 0 fi perl -pi -e "s|/usr/sbin/in\.telnetd|/usr/sbin/telnetd|g" $file # We already have the required flags (-a <some_auth_mode>) cat $file|egrep -q "server_args.*=.*-a[[:space:]]+.*$" && exit 0 # Don't have -a <some_auth_mode>, check if we have server_args or not cat $file|egrep -q "server_args.*=.*$" && \ perl -pi -e "s|(server_args.*=.*$)|\1\ -a\ none|" $file && exit 0 # Say, no server_args in xinetd file. perl -pi -e "s|(server.*=.*/usr/sbin/telnetd.*$)|\1\n\tserver_args\t=\ -a\ none|" $file && exit 0 %postun -n telnet-server-krb5 /sbin/service xinetd reload > /dev/null 2>&1 || : %post -n ftp-server-krb5 /sbin/service xinetd reload > /dev/null 2>&1 || : ln -sf /bin/login /usr/sbin/login.krb5 file="/etc/xinetd.d/ftp" if [ ! -f $file ] ; then echo "Can't find xinetd file for ftp." exit 0 fi %postun -n ftp-server-krb5 /sbin/service xinetd reload > /dev/null 2>&1 || : %posttrans -n telnet-client-krb5 # if we have apparmor installed, reload if it's being used if [ -x /sbin/apparmor_parser ]; then /sbin/service apparmor condreload fi %clean rm -rf %{buildroot} %files %defattr(-,root,root) %doc README %config(noreplace) %{_sysconfdir}/krb5.conf %dir %{_sysconfdir}/kerberos %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %files workstation %defattr(-,root,root) %attr(0755,root,root) %config(noreplace) /etc/profile.d/krb5.sh %attr(0755,root,root) %config(noreplace) /etc/profile.d/krb5.csh %doc doc/*.html doc/user*.ps.gz src/config-files/services.append %doc src/config-files/krb5.conf %attr(0755,root,root) %doc src/config-files/convert-config-files %{_infodir}/krb5-user.info* %{_bindir}/gss-client %{_bindir}/kdestroy %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kerberos.1* %{_bindir}/kinit %{_mandir}/man1/kinit.1* %{_bindir}/klist %{_mandir}/man1/klist.1* %{_bindir}/kpasswd %{_mandir}/man1/kpasswd.1* %if %{with_krb4} %{_bindir}/krb524init %attr(0755,root,root) %{_bindir}/v4rcp %{_mandir}/man1/v4rcp.1* %endif %{_sbindir}/kadmin %{_mandir}/man8/kadmin.8* %{_sbindir}/ktutil %{_mandir}/man8/ktutil.8* %attr(0755,root,root) %{_bindir}/ksu %{_mandir}/man1/ksu.1* %{_bindir}/kvno %{_mandir}/man1/kvno.1* %{_bindir}/rcp.krb5 %{_mandir}/man1/rcp.krb5.1* %attr(0755,root,root) %{_bindir}/krlogin %{_bindir}/rlogin.krb5 %{_mandir}/man1/rlogin.krb5.1* %attr(0755,root,root) %{_bindir}/krsh %{_bindir}/rsh.krb5 %{_mandir}/man1/rsh.krb5.1* %{_mandir}/man1/tmac.doc* #%{_bindir}/v5passwd #%{_mandir}/man1/v5passwd.1* %{_bindir}/sim_client %{_bindir}/uuclient %{_sbindir}/login.krb5 %{_mandir}/man8/login.krb5.8* %{_sbindir}/gss-server %{_sbindir}/klogind %{_mandir}/man8/klogind.8* %{_sbindir}/krb5-send-pr %{_mandir}/man1/krb5-send-pr.1* %{_sbindir}/kshd %{_mandir}/man8/kshd.8* %{_sbindir}/uuserver %{_mandir}/man5/.k5login.5* %{_mandir}/man5/krb5.conf.5* %files server %defattr(-,root,root) %attr(0755,root,root) %{_initrddir}/krb5kdc %attr(0755,root,root) %{_initrddir}/kadmin %if %{with_krb4} %attr(0755,root,root) %{_initrddir}/krb524 %endif %attr(0755,root,root) %{_initrddir}/kprop %attr(0755,root,root) %{_initrddir}/krb5server %doc doc/admin*.ps.gz doc/*html %doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %if %{with_krb4} %doc doc/krb425*.ps.gz %{_infodir}/krb425.info* %endif %doc krb5-ldap.conf.sample %doc doc/install*.ps.gz %doc src/config-files/kdc.conf %{_infodir}/krb5-admin.info* %{_infodir}/krb5-install.info* %dir /var/log/kerberos %dir %{_sysconfdir}/kerberos/krb5kdc %config(noreplace) %{_sysconfdir}/kerberos/krb5kdc/kdc.conf %config(noreplace) %{_sysconfdir}/kerberos/krb5kdc/kadm5.acl %{_mandir}/man5/kdc.conf.5* %{_sbindir}/kadmin.local %{_mandir}/man8/kadmin.local.8* %{_sbindir}/kadmind %{_mandir}/man8/kadmind.8* #%{_sbindir}/kadmind4 %{_sbindir}/kdb5_util %{_mandir}/man8/kdb5_util.8* %{_sbindir}/kdb5_ldap_util %{_mandir}/man8/kdb5_ldap_util.8* %{_sbindir}/kprop %{_mandir}/man8/kprop.8* %{_sbindir}/kpropd %{_mandir}/man8/kpropd.8* %if %{with_krb4} %{_sbindir}/krb524d %{_mandir}/man8/krb524d.8* %endif %{_sbindir}/krb5kdc %{_mandir}/man8/k5srvutil.8* %{_sbindir}/k5srvutil %{_mandir}/man8/krb5kdc.8* %{_sbindir}/sim_server #%{_sbindir}/v5passwdd # This is here for people who want to test their server, and also # included in devel package for similar reasons. %{_bindir}/sclient %{_mandir}/man1/sclient.1* %{_sbindir}/sserver %{_mandir}/man8/sserver.8* %attr(0755,root,root) %{_sbindir}/kdcrotate %{_datadir}/gnats/mit %dir %{_libdir}/krb5/plugins/kdb %{_libdir}/krb5/plugins/kdb/db2.so %{_libdir}/krb5/plugins/kdb/kldap.so %{_libdir}/krb5/plugins/preauth/pkinit.so %files -n %{libname} %defattr(-,root,root) %{_libdir}/lib*.so.* %files -n %{libname}-devel %defattr(-,root,root) %doc doc/api %doc doc/implement %doc doc/kadm5 %doc doc/kadmin %doc doc/krb5-protocol %doc doc/rpc %multiarch %{multiarch_bindir}/krb5-config %multiarch %{multiarch_includedir}/gssapi/gssapi.h %multiarch %{multiarch_includedir}/gssrpc/types.h # multiarch %{multiarch_includedir}/krb5/k5-config.h #multiarch %{multiarch_includedir}/krb5/autoconf.h #multiarch %{multiarch_includedir}/krb5/osconf.h %multiarch %{multiarch_includedir}/krb5.h %{_includedir}/* %{_bindir}/krb5-config %{_libdir}/lib*.so %{_bindir}/sclient %{_mandir}/man1/sclient.1* %{_sbindir}/sserver %{_mandir}/man8/sserver.8* %{_mandir}/man1/krb5-config.1* %files -n telnet-server-krb5 %defattr(-,root,root) %config(noreplace) /etc/xinetd.d/telnet %{_sbindir}/telnetd %{_mandir}/man8/telnetd.8* %files -n telnet-client-krb5 %defattr(-,root,root) %config(noreplace) %{_sysconfdir}/apparmor.d/usr.bin.telnet %{_bindir}/telnet %{_mandir}/man1/telnet.1* %files -n ftp-client-krb5 %defattr(-,root,root) %{_bindir}/ftp %{_mandir}/man1/ftp.1* %files -n ftp-server-krb5 %defattr(-,root,root) %config(noreplace) /etc/xinetd.d/ftp %{_sbindir}/ftpd %{_mandir}/man8/ftpd.8* %changelog * Mon Jun 09 2008 Pixel <pixel@mandriva.com> 1.6.3-6mdv2009.0 + Revision: 217188 - do not call ldconfig in %%post/%%postun, it is now handled by filetriggers * Wed Mar 26 2008 Gustavo De Nardin <gustavodn@mandriva.com> 1.6.3-6mdv2008.1 + Revision: 190506 - fixed alternatives manpages extension * Tue Mar 25 2008 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-5mdv2008.1 + Revision: 189926 - P25: security fix for CVE-2007-5901 - P26: security fix for CVE-2007-5971 - P27: security fix for CVE-2008-0062 and CVE-2008-0063 - P28: security fix for CVE-2008-0947 * Fri Feb 29 2008 Andreas Hasenack <andreas@mandriva.com> 1.6.3-4mdv2008.1 + Revision: 176811 - removed last instance of MANDRAKESOFT name - include apparmor profile for /usr/bin/telnet * Mon Jan 07 2008 Andreas Hasenack <andreas@mandriva.com> 1.6.3-3mdv2008.1 + Revision: 146343 - unrestrict the libkrb53 requires on krb5 as per pixel's email + Funda Wang <fundawang@mandriva.org> - fix man page extension * Fri Dec 21 2007 Oden Eriksson <oeriksson@mandriva.com> 1.6.3-2mdv2008.1 + Revision: 136088 - fix krb5-devel <-> openldap-devel cross linkage (take one) + Thierry Vignaud <tvignaud@mandriva.com> - kill re-definition of %%buildroot on Pixel's request * Tue Oct 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.3-1mdv2008.1 + Revision: 101520 - updated to version 1.6.3 - removed 2007-006 security patch, already applied * Sun Sep 30 2007 Anssi Hannula <anssi@mandriva.org> 1.6.2-7mdv2008.0 + Revision: 94040 - add a conflict on old 32bit libkrb53 into 64bit krb5 to ensure smooth upgrade on biarch systems * Wed Sep 26 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-6mdv2008.0 + Revision: 93160 - remove historical options from krb5.conf, relying more on defaults * Wed Sep 19 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-5mdv2008.0 + Revision: 90816 - make library package only provide the libs themselves and not any other file (#32580) * Tue Sep 18 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.6.2-4mdv2008.0 + Revision: 89826 - rebuild * Tue Sep 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-3mdv2008.0 + Revision: 84549 - security patch for CVE-2007-3999 and CVE-2007-4000 (#33193) * Thu Aug 23 2007 Thierry Vignaud <tvignaud@mandriva.com> 1.6.2-2mdv2008.0 + Revision: 70294 - kill file require on info-install * Wed Jul 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.2-1mdv2008.0 + Revision: 51241 - updated to 1.6.2 - dropped patches that were already applied * Tue Jun 26 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-5mdv2008.0 + Revision: 44629 - added security patches from advisories MITKRB5-SA-2007-004 and MITKRB5-SA-2007-005 (CVE-2007-2442, CVE-2007-2443 and CVE-2007-2798) - rebuild with new serverbuild macro, enabling -fstack-protector-all * Fri Jun 22 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-4mdv2008.0 + Revision: 43231 - using serverbuild macro + Herton Ronaldo Krzesinski <herton@mandriva.com.br> - Added patch ftp_remove_printf_debug, to remove uneeded debug information of ftp client from ftp-client-krb5 package. Closes: #30467. * Mon Apr 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-2mdv2008.0 + Revision: 17357 - oops, accidentally removed a previous change by Guillaume, fixed * Mon Apr 23 2007 Andreas Hasenack <andreas@mandriva.com> 1.6.1-1mdv2008.0 + Revision: 17353 - updated to version 1.6.1, dropping security patches which were already applied * Sat Apr 21 2007 Andreas Hasenack <andreas@mandriva.com> 1.6-3mdv2008.0 + Revision: 16432 - updated to version 1.6 - enabled LDAP backend - added security patches for CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216 - fix segfault on password change - make main initscripts cope with database in ldap - added sample krb5.conf file for ldap usage - setting sysconfdir in configure to avoid a lookup in /usr/etc instead of /etc at runtime - major cleanup in spec file (basically, trusting upstream a bit more) - return proper exit codes in the initscripts - don't provide old names anymore - disabled ftp and telnet servers (via xinetd) by default - html doc - rename html supplied doc - use example.com domain and realm in the html supplied doc * Fri Apr 20 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-7mdv2008.0 + Revision: 16419 - use a better default realm for the acl file - fix plugin path (#30349) - making defaults more secure for ftp and telnetd server (vdanen) * Thu Apr 05 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-6mdv2007.1 + Revision: 150703 - applied security patches to fix vulnerabilities (CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216) * Tue Mar 13 2007 Guillaume Rousse <guillomovitch@mandriva.org> 1.5.2-5mdv2007.1 + Revision: 142466 - make the workstation package provide kerberos-workstation virtual package * Fri Feb 09 2007 Oden Eriksson <oeriksson@mandriva.com> 1.5.2-4mdv2007.1 + Revision: 118433 - revert last change * Thu Feb 08 2007 Oden Eriksson <oeriksson@mandriva.com> 1.5.2-3mdv2007.1 + Revision: 117876 - added the /usr/include/krb5/kdb.h header, needed by php-kadm5 * Thu Jan 25 2007 mandrake <mandrake> 1.6-3mdv2007.1 + Revision: 113280 * Thu Jan 11 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.2-1mdv2007.1 + Revision: 107488 - updated to version 1.5.2 - removed security patches 2006-002 and 2006-003, already applied in this version * Tue Jan 09 2007 Andreas Hasenack <andreas@mandriva.com> 1.5.1-2mdv2007.1 + Revision: 106777 - added security patches for two new vulnerabilities (2006-002 and 2006-003) * Thu Nov 30 2006 Andreas Hasenack <andreas@mandriva.com> 1.5.1-1mdv2007.1 + Revision: 89342 - updated to version 1.5.1 - dropped patches that were no longer being applied - updated some patches, removed others (will keep cleaning this up) * Mon Nov 06 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.4-1mdv2007.1 + Revision: 77019 - updated to version 1.4.4 - removed security patch (already applied) * Tue Oct 10 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-7mdv2007.0 + Revision: 63201 - bumped release - added LSB info to initscripts (#26356) - bunzip some files * Tue Aug 22 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-6mdv2007.0 + Revision: 56977 - updated security patch for MIT krb5 Security Advisory 2006-001 * Thu Aug 10 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-5mdv2007.0 + Revision: 54880 - bump release - added patch for MITKRB5-SA-2006-001-setuid vulnerability - import krb5-1.4.3-4mdv2007.0 * Wed Jun 07 2006 Per Øyvind Karlsen <pkarlsen@mandriva.com> 1.4.3-4mdv2007.0 - rebuild properly when pthread_mutexattr_setrobust_np() is defined but not declared, such as with recent glibc when _GNU_SOURCE isn't being used (P25 from fedora) * Tue Mar 07 2006 Andreas Hasenack <andreas@mandriva.com> 1.4.3-3mdk - fixed kpropd initscript (Closes: #21491) * Wed Jan 04 2006 Oden Eriksson <oeriksson@mandriva.com> 1.4.3-2mdk - fix deps * Mon Nov 21 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.3-1mdk - updated to version 1.4.3 - Prereq -> Requires(foo) * Thu Aug 18 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.2-1mdk - updated to version 1.4.2 - removed MITKRB5-SA-2005-002 security patch, already applied - removed MITKRB5-SA-2005-003 security patch, already applied * Fri Aug 05 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-7mdk - fixed init script to only call krb524 if it exists (#17213) * Wed Jul 13 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-6mdk - added security patches from MITKRB5-SA-2005-002 and MITKRB5-SA-2005-003 (CAN-2005-1174, CAN-2005-1175 and CAN-2005-1689) * Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-5mdk - same (lfs patch) for ftp server * Wed Jun 29 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-4mdk - patch for LFS in the ftp client * Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-3mdk - using EXAMPLE.COM in default configuration file * Tue Jun 28 2005 Andreas Hasenack <andreas@mandriva.com> 1.4.1-2mdk - conditionally build krb4 support (disabled by default) - removed empty %%post{,un} sections - removed %%config tag from init scripts - fixed profile scripts permissions - using correct ./configure option to enable dns realm lookup * Thu Jun 09 2005 Buchan Milne <bgmilne@linux-mandrake.com> 1.4.1-1mdk - 1.4.1 - drop p11 (conflict), p24 (upstream) and p25 (conflict,unnecessary) - previous changes for 1.4: - 1.4 - drop p2,p12 (conflict), p15 (upstream), p16 (some conflict, some upstream), p17 (original source gone) * Sat May 07 2005 Oden Eriksson <oeriksson@mandriva.com> 1.3.6-7mdk - added one gcc4 patch (debian) * Thu Apr 07 2005 Daouda LO <daouda@mandrakesoft.com> 1.3.6-6mdk o Tue Mar 29 2005 Vincent Danen <vdanen@mandrakesoft.com> 1.3.4-2.2.101mdk - security fix for CAN-2005-0468, CAN-2005-0469 * Thu Mar 10 2005 Stefan van der Eijk <stefan@eijk.nu> 1.3.6-5mdk - reupload * Mon Feb 28 2005 Gwenole Beauchesne <gbeauchesne@mandrakesoft.com> 1.3.6-4mdk - multiarch + also preserve file names when generating headers from *.h files * Sat Feb 12 2005 Pascal Terjan <pterjan@mandrake.org> 1.3.6-3mdk - fix patch 13 causing segfault in ftp * Tue Feb 01 2005 Oden Eriksson <oeriksson@mandrakesoft.com> 1.3.6-2mdk - fix deps and - fix no-reload-entry in the krb5server, krb524 and kprop init scripts * Mon Jan 10 2005 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.6-1mdk - 1.3.6 - don't use chrpath on static libraries - summary-ended-with-dot - macroize * Fri Dec 03 2004 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.5-1mdk - 1.3.5 - add P22 from fedora - drop P20 & P21 (merged upstream) * Sat Oct 09 2004 Vincent Danen <vdanen@mandrakesoft.com> 1.3.4-2mdk - include security patches (P20, P21) for CAN-2004-0642, CAN-2004-0643, CAN-2004-0644, CAN-2004-0772 * Sun Aug 08 2004 Oden Eriksson <oeriksson@mandrakesoft.com> 1.3.4-1mdk - 1.3.4 - added P19 (fedora) - enable static devel libs - misc spec file fixes * Sat May 22 2004 Per Øyvind Karlsen <peroyvind@linux-mandrake.com> 1.3.3-4mdk - fix buildrequires - spec cosmetics * Tue May 18 2004 Florin <florin@mandrakesoft.com> 1.3.3-3mdk - ugly rpath fix (brr, I hate to do that :o) ) - strip _bindir binaries * Wed May 12 2004 Florin <florin@mandrakesoft.com> 1.3.3-2mdk - add the 5-18 patches - fix the master-key entry in kdc.conf * Mon May 10 2004 Florin <florin@mandrakesoft.com> 1.3.3-1mdk - 1.3.3 - spec cleanups