
Contents of /updates/1/krb5/current/SPECS/krb5.spec



Revision 410358 - (show annotations) (download)
Wed Apr 17 18:30:26 2013 UTC (11 years ago) by luigiwalser
File size: 15732 byte(s)
add upstream patch to fix CVE-2013-1416
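# Build switches and package identity.
# "--with bootstrap" sets bootstrap to 1, which drops the openldap-devel
# build dependency and the LDAP pieces guarded further down in this spec.
%define bootstrap 0
%{?_without_bootstrap: %global bootstrap 0}
%{?_with_bootstrap: %global bootstrap 1}

%define name krb5
%define version 1.8.3
%define release %mkrel 5.6

%define major 3
%define libname %mklibname %name %major

# enable checking after compile
# The macro name is given without a leading percent sign: with one, the
# current value (0) would be expanded in place and "--with check" would try
# to define a macro called "0" instead of switching the test suite on.
%define enable_check 0
%{?_with_check: %global enable_check 1}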
15
Summary: The Kerberos network authentication system
Name: %{name}
Version: %{version}
Release: %{release}
# from http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar
# NOTE(review): the URL above names the 1.4.1 tarball while Version is 1.8.3;
# it looks stale - confirm where the 1.8.3 tarball really came from.
Source0: %{name}-%{version}.tar.gz
# Detached signature for Source0. Nothing in the prep section checks it, so
# the tarball has to be verified against it when it is imported.
Source1: %{name}-%{version}.tar.gz.asc
# Init scripts, default configuration, sysconfig, PAM and portreserve files
# that the install section copies into the build root.
Source2: kprop.init
Source4: kadmin.init
Source5: krb5kdc.init
Source6: krb5.conf
Source10: kdc.conf
Source11: kadm5.acl
Source19: krb5kdc.sysconfig
Source20: kadmin.sysconfig
Source23: krb5-%{version}-pdf.tar.gz
Source24: krb5-tex-pdf.sh
Source25: krb5-1.8-manpaths.txt
Source29: ksu.pamd
Source30: kerberos-iv.portreserve
Source31: kerberos-adm.portreserve
Source32: krb5_prop.portreserve

Patch0: krb5-1.8.1-fix-format-errors.patch
# stolen from fedora
Patch5: krb5-1.8-ksu-access.patch
Patch6: krb5-1.8-ksu-path.patch
Patch12: krb5-1.7-ktany.patch
Patch16: krb5-1.7-buildconf.patch
Patch23: krb5-1.3.1-dns.patch
Patch29: krb5-1.8-kprop-mktemp.patch
Patch30: krb5-1.3.4-send-pr-tempfile.patch
Patch39: krb5-1.8-api.patch
Patch53: krb5-1.7-nodeplibs.patch
Patch56: krb5-1.7-doublelog.patch
Patch58: krb5-1.8-key_exp.patch
Patch59: krb5-1.8-kpasswd_tcp.patch
Patch60: krb5-1.8-pam.patch
Patch61: krb5-1.8-manpaths.patch
Patch71: krb5-1.8-dirsrv-accountlock.patch
# Security fixes from here on. Patch72 to Patch78 are MIT advisory patches,
# named after the advisory number. Each CVE comment below refers to the Patch
# line that follows it; 2010-006 and 2010-007 carry no CVE note in this spec.
# NOTE(review): the URLs are plain http - presumably only a record of where the
# local copy came from; compare it with the upstream advisory when refreshing.
Patch72: http://web.mit.edu/kerberos/advisories/2010-006-patch.txt
Patch73: http://web.mit.edu/kerberos/advisories/2010-007-patch.txt
# CVE-2010-4022
Patch74: http://web.mit.edu/kerberos/advisories/2011-001-patch.txt
# CVE-2011-0281,0282
Patch75: http://web.mit.edu/kerberos/advisories/2011-002-patch.txt
# CVE-2011-0284
Patch76: http://web.mit.edu/kerberos/advisories/2011-003-patch.txt
# CVE-2011-0285
Patch77: http://web.mit.edu/kerberos/advisories/2011-004-patch.txt
# CVE-2011-1528,1529
Patch78: http://web.mit.edu/kerberos/advisories/2011-006-patch-r18.txt
# Applied in the prep section with backup suffix .CVE-2012-1013; the file
# name itself does not carry the CVE id.
Patch79: krb5-kadmind-null-password.patch
# NOTE(review): the file name says 1.9.1 while this package is 1.8.3 -
# presumably a backport; confirm it was adapted to the 1.8 tree.
Patch80: krb5-1.9.1-CVE-2012-1015.diff
Patch81: krb5-CVE-2013-1415.diff
Patch82: krb5-CVE-2013-1416.diff

License: MIT
URL: http://web.mit.edu/kerberos/www/
Group: System/Libraries
BuildRequires: flex
BuildRequires: bison
BuildRequires: chrpath
BuildRequires: texinfo
BuildRequires: termcap-devel
BuildRequires: e2fsprogs-devel
BuildRequires: pam-devel
# dejagnu is pulled in only when the enable_check switch is on.
%if %enable_check
BuildRequires: dejagnu
%endif
BuildRequires: multiarch-utils >= 1.0.3
# A bootstrap build does without OpenLDAP (see the matching configure guard).
%if !%bootstrap
BuildRequires: openldap-devel
%endif
90
91 %description
92 Kerberos V5 is a trusted-third-party network authentication system,
93 which can improve your network's security by eliminating the insecure
94 practice of cleartext passwords.
95
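%package -n %{libname}-devel
Summary: Development files needed for compiling Kerberos 5 programs
Group: Development/Other
# Pin the library to the exact build (version and release), as the server and
# workstation subpackages do. With the version alone, headers from one
# security update could be installed next to the library of another release.
Requires: %{libname} = %{version}-%{release}
Provides: krb-devel = %{version}-%{release}
Provides: krb5-devel = %{version}-%{release}
Provides: libkrb-devel
Obsoletes: krb-devel
Obsoletes: krb5-devel
Obsoletes: libkrb51-devel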
106
107 %description -n %{libname}-devel
108 Kerberos is a network authentication system. The krb5-devel package
109 contains the header files and libraries needed for compiling Kerberos
110 5 programs. If you want to develop Kerberos-aware programs, you'll
111 need to install this package.
112
113 %package -n %{libname}
114 Summary: The shared libraries used by Kerberos 5
115 Group: System/Libraries
116 Provides: krb5-libs = %{version}-%{release}
117 Obsoletes: krb5-libs
118 Obsoletes: libkrb51
119 # we need the conf file, and better make sure it's a recent version
120 # for example, previous MIT kerberos versions didn't have ldap support,
121 # and this is specified in the conf file
122 Requires: %{name} >= %{version}
123
124 %description -n %{libname}
125 Kerberos is a network authentication system. The krb5-libs package
126 contains the shared libraries needed by Kerberos 5. If you're using
127 Kerberos, you'll need to install this package.
128
129 %package server
130 Group: System/Servers
131 Summary: The server programs for Kerberos 5
132 Requires: %{libname} = %{version}-%{release}
133 Requires: portreserve
134 Requires(post): rpm-helper
135 Requires(preun):rpm-helper
136
137 %description server
138 Kerberos is a network authentication system. The krb5-server package
139 contains the programs that must be installed on a Kerberos 5 server.
140 If you're installing a Kerberos 5 server, you need to install this
141 package (in other words, most people should NOT install this
142 package).
143
144 %package server-ldap
145 Group: System/Servers
146 Summary: The LDAP storage plugin for the Kerberos 5 KDC
147 Requires: %{name}-server = %{version}-%{release}
148
149 %description server-ldap
150 Kerberos is a network authentication system. The krb5-server package
151 contains the programs that must be installed on a Kerberos 5 key
152 distribution center (KDC). If you are installing a Kerberos 5 KDC,
153 and you wish to use a directory server to store the data for your
154 realm, you need to install this package.
155
156 %package workstation
157 Summary: Kerberos 5 programs for use on workstations
158 Group: System/Base
159 Requires: %{libname} = %{version}-%{release}
160 Requires(post): rpm-helper
161 Requires(preun):rpm-helper
162 Provides: kerberos-workstation
163
164 %description workstation
165 Kerberos is a network authentication system. The krb5-workstation
166 package contains the basic Kerberos programs (kinit, klist, kdestroy,
167 kpasswd). If your network uses Kerberos, this package should be installed
168 on every workstation.
169
170 %package pkinit-openssl
171 Summary: The PKINIT module for Kerberos 5
172 Group: System/Libraries
173 Requires: %{name}-libs = %{version}-%{release}
174
175 %description pkinit-openssl
176 Kerberos is a network authentication system. The krb5-pkinit-openssl
177 package contains the PKINIT plugin, which uses OpenSSL to allow clients
178 to obtain initial credentials from a KDC using a private key and a
179 certificate.
180
%prep
# Unpack Source0 and, inside the unpacked tree, Source23 (-a 23), then apply
# the patch stack and prepare docs and man pages for the build.
# NOTE(review): the Source1 signature is not verified anywhere in this section.
%setup -q -a 23
# Patches are not applied in numeric order (60 and 61 come right after 0).
# Keep the sequence as is; later patches may depend on earlier ones.
%patch0 -p1
%patch60 -p1 -b .pam
%patch61 -p1 -b .manpaths
%patch5 -p1 -b .ksu-access
%patch6 -p1 -b .ksu-path
%patch12 -p1 -b .ktany
%patch16 -p1 -b .buildconf
%patch23 -p1 -b .dns
%patch29 -p1 -b .kprop-mktemp
%patch30 -p1 -b .send-pr-tempfile
%patch39 -p1 -b .api
%patch53 -p1 -b .nodeplibs
%patch56 -p1 -b .doublelog
%patch58 -p1 -b .key_exp
%patch59 -p1 -b .kpasswd_tcp
%patch71 -p1 -b .dirsrv-accountlock
# Security fixes: the MIT advisory patches 2010-006 to 2011-006 first, then
# the CVE-named ones. The backup suffix records which advisory or CVE a hunk
# belongs to.
%patch72 -p1 -b .2010-006
%patch73 -p1 -b .2010-007
%patch74 -p1 -b .2011-001
%patch75 -p1 -b .2011-002
%patch76 -p1 -b .2011-003
%patch77 -p1 -b .2011-004
%patch78 -p1 -b .2011-006
# Patch79 is krb5-kadmind-null-password.patch; only this suffix names its CVE.
%patch79 -p1 -b .CVE-2012-1013
%patch80 -p1 -b .CVE-2012-1015
%patch81 -p1 -b .CVE-2013-1415
%patch82 -p1 -b .CVE-2013-1416

gzip doc/*.ps

# library.tex: drop the [twoside] option on line 1 and uncomment the hyperref
# usepackage line.
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' \
    doc/api/library.tex
# implement.tex: replace line 1 with the fixed preamble below. The text lines
# sit inside the quoted sed script and must stay at column 0.
sed -i -e '1c\
\\documentclass{article}\
\\usepackage{fixunder}\
\\usepackage{functions}\
\\usepackage{fancyheadings}\
\\usepackage{hyperref}' doc/implement/implement.tex

# Take the execute bit off of documentation.
chmod -x doc/krb5-protocol/*.txt doc/*.html doc/*/*.html

# Rename the man pages so that they'll get generated correctly. Uses the
# "krb5-1.8-manpaths.txt" source file.
# Each line of that file is taken as a path relative to src and gets an
# ".in" suffix.
pushd src
cat %{SOURCE25} | while read manpage ; do
    mv "$manpage" "$manpage".in
done
popd

# Rewrite the "attributetype:" keyword at line start to "attributetypes:" in
# the LDIF schema that is shipped as documentation of the LDAP subpackage.
sed -i s,^attributetype:,attributetypes:,g \
    src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif

# Regenerate the autoconf output inside src. There is no matching popd; the
# section ends here.
pushd src
autoreconf
238
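%build
%serverbuild

cd src
# Work out the CFLAGS and CPPFLAGS which we intend to use.
# DEFINES is not set anywhere in this spec, so it expands to nothing unless
# the environment provides it.
INCLUDES=-I%{_includedir}/et
CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC`"
CPPFLAGS="`echo $DEFINES $INCLUDES`"

# LDAP support is compiled in only for non-bootstrap builds.
# NOTE(review): --enable-dns-for-realm lets the library consult DNS when
# mapping hosts to realms; DNS answers are not authenticated, so sites that
# care should pin realms in krb5.conf - confirm this default is wanted.
%configure2_5x \
    CC="%{__cc}" \
    CFLAGS="$CFLAGS" \
    CPPFLAGS="$CPPFLAGS" \
    --enable-shared \
    --localstatedir=%{_sysconfdir}/kerberos \
    --without-krb4 \
    --enable-dns-for-realm \
    --enable-pkinit \
    --without-tcl \
    --with-system-et \
    --with-system-ss \
    --disable-static \
    --disable-rpath \
%if !%bootstrap
    --with-ldap \
%endif
    --with-pam

#--with-netlib=-lresolv

%make

# Run the test suite. Won't run in the build system because /dev/pts is
# not available for telnet tests and so on, so it stays off by default.
# The enable_check switch (and its dejagnu build dependency) was otherwise
# never read; it now gates the run, which gives the backported security
# patches a regression check on builders that can support it.
%if %enable_check
make check TMPDIR=%{_tmppath}
%endif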
274
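%install
# Populate the build root: docs, sample configuration, init scripts, PAM and
# portreserve files, then the upstream "make install".
rm -rf %{buildroot}

# Info docs.
mkdir -p %{buildroot}%{_infodir}
install -m 644 doc/*.info* %{buildroot}%{_infodir}

# Sample KDC config files (bundled kdc.conf and kadm5.acl).
# kadm5.acl is installed 0600 (owner only); kdc.conf is world-readable.
install -d -m 755 %{buildroot}%{_sysconfdir}/kerberos/krb5kdc
install -m 0644 %{SOURCE10} %{buildroot}%{_sysconfdir}/kerberos/krb5kdc/kdc.conf
install -m 0600 %{SOURCE11} %{buildroot}%{_sysconfdir}/kerberos/krb5kdc/kadm5.acl

# Default configuration file for everything.
mkdir -p %{buildroot}%{_sysconfdir}
install -m 644 %{SOURCE6} %{buildroot}%{_sysconfdir}/krb5.conf

# Server init scripts (krb5kdc,kadmind,kpropd) and their sysconfig files.
# Every list entry keeps a space before its trailing backslash, so the paths
# stay separate words whatever the indentation of the following line is.
mkdir -p %{buildroot}/etc/rc.d/init.d
for init in \
    %{SOURCE5} \
    %{SOURCE4} \
    %{SOURCE2} ; do
    install -pm 755 ${init} \
        %{buildroot}/etc/rc.d/init.d/`basename ${init} .init`
done

mkdir -p %{buildroot}%{_sysconfdir}/sysconfig
for sysconfig in \
    %{SOURCE19} \
    %{SOURCE20} ; do
    install -pm 644 ${sysconfig} \
        %{buildroot}%{_sysconfdir}/sysconfig/`basename ${sysconfig} .sysconfig`
done

# portreserve configuration files.
mkdir -p %{buildroot}%{_sysconfdir}/portreserve
for portreserve in \
    %{SOURCE30} \
    %{SOURCE31} \
    %{SOURCE32} ; do
    install -pm 644 ${portreserve} \
        %{buildroot}/%{_sysconfdir}/portreserve/`basename ${portreserve} .portreserve`
done

# PAM configuration files.
mkdir -p %{buildroot}%{_sysconfdir}/pam.d/
for pam in \
    %{SOURCE29} ; do
    install -pm 644 ${pam} \
        %{buildroot}/%{_sysconfdir}/pam.d/`basename ${pam} .pamd`
done

# Plug-in directories.
install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/preauth
install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/kdb
install -pdm 755 %{buildroot}%{_libdir}/krb5/plugins/authdata

# The rest of the binaries, headers, libraries, and docs.
make -C src \
    DESTDIR=%{buildroot} \
    EXAMPLEDIR=%{_docdir}/%{libname}-devel/examples \
    install

# logdir
# NOTE(review): no -m is given, so the directory gets install's default mode;
# confirm that is what is wanted for the KDC and kadmind logs.
install -d %{buildroot}/var/log/kerberos

# clear the LDFLAGS
perl -pi -e "s|^LDFLAGS.*|LDFLAGS=''|g" %{buildroot}%{_bindir}/krb5-config

# multiarch policy
%multiarch_binaries %{buildroot}%{_bindir}/krb5-config
%multiarch_includes %{buildroot}%{_includedir}/gssapi/gssapi.h
# (gb) this one could be fixed differently and properly using <stdint.h>
%multiarch_includes %{buildroot}%{_includedir}/gssrpc/types.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/k5-config.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/autoconf.h
# multiarch_includes %{buildroot}%{_includedir}/krb5/osconf.h
%multiarch_includes %{buildroot}%{_includedir}/krb5.h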
353
354 %post server
355 %_post_service krb5kdc
356 %_post_service kadmin
357 %_post_service kprop
358 %_install_info krb5-admin.info
359 %_install_info krb5-install.info
360
361 %preun server
362 %_preun_service krb5kdc
363 %_preun_service kadmin
364 %_preun_service kprop
365 %_remove_install_info krb5-admin.info
366 %_remove_install_info krb5-install.info
367
368 %post workstation
369 %_install_info krb5-user.info
370
371 %preun workstation
372 %_remove_install_info krb5-user.info
373
374 %clean
375 rm -rf %{buildroot}
376
377 %files
378 %doc README
379 %config(noreplace) %{_sysconfdir}/krb5.conf
380 %dir %{_sysconfdir}/kerberos
381 %dir %{_libdir}/krb5
382 %dir %{_libdir}/krb5/plugins
383 %{_mandir}/man1/kerberos.1*
384 %{_mandir}/man5/.k5login.5*
385 %{_mandir}/man5/krb5.conf.5*
386
%files workstation
# Client tools, their man pages and user documentation.
%doc doc/user*.ps.gz src/config-files/services.append
%doc doc/{kdestroy,kinit,klist,kpasswd,ksu}.html
%doc doc/krb5-user.html
%attr(0755,root,root) %doc src/config-files/convert-config-files
%{_infodir}/krb5-user.info*

%{_bindir}/kdestroy
%{_mandir}/man1/kdestroy.1*
%{_bindir}/kinit
%{_mandir}/man1/kinit.1*
%{_bindir}/klist
%{_mandir}/man1/klist.1*
%{_bindir}/kpasswd
%{_mandir}/man1/kpasswd.1*

%{_bindir}/kvno
%{_mandir}/man1/kvno.1*
%{_bindir}/kadmin
%{_mandir}/man1/kadmin.1*
%{_bindir}/k5srvutil
%{_mandir}/man1/k5srvutil.1*
%{_bindir}/ktutil
%{_mandir}/man1/ktutil.1*

# ksu is shipped setuid root (mode 4755) and is the only entry in this list
# with a setuid mode. The ksu-access and ksu-path patches and the PAM file
# below all shape what it allows, so review them together whenever one of
# them changes. The PAM file is noreplace: local edits survive upgrades, and
# a tightened packaged default does not reach hosts that already edited it.
%attr(4755,root,root) %{_bindir}/ksu
%{_mandir}/man1/ksu.1*
%config(noreplace) /etc/pam.d/ksu

# Problem-reporting tool
%{_datadir}/gnats
%{_sbindir}/krb5-send-pr
%{_mandir}/man1/krb5-send-pr.1*
420
421
%files server
# KDC, kadmind and kpropd: init scripts, configuration, docs and daemons.
%{_initrddir}/krb5kdc
%{_initrddir}/kadmin
%{_initrddir}/kprop
%config(noreplace) %{_sysconfdir}/sysconfig/krb5kdc
%config(noreplace) %{_sysconfdir}/sysconfig/kadmin
%config(noreplace) %{_sysconfdir}/portreserve/kerberos-iv
%config(noreplace) %{_sysconfdir}/portreserve/kerberos-adm
%config(noreplace) %{_sysconfdir}/portreserve/krb5_prop

%doc doc/admin*.ps.gz
%doc doc/install*.ps.gz
%doc doc/krb5-admin.html
%doc doc/krb5-install.html
%{_infodir}/krb5-admin.info*
%{_infodir}/krb5-install.info*
%dir /var/log/kerberos
%dir %{_sysconfdir}/kerberos/krb5kdc
# No attr override here: the modes are the ones set in the install section
# (kdc.conf 0644, kadm5.acl 0600). Both are noreplace, so an upgrade keeps the
# administrator's realm settings and ACL.
%config(noreplace) %{_sysconfdir}/kerberos/krb5kdc/kdc.conf
%config(noreplace) %{_sysconfdir}/kerberos/krb5kdc/kadm5.acl
%{_mandir}/man5/kdc.conf.5*
%{_sbindir}/kadmin.local
%{_mandir}/man8/kadmin.local.8*
%{_sbindir}/kadmind
%{_mandir}/man8/kadmind.8*
%{_sbindir}/kdb5_util
%{_mandir}/man8/kdb5_util.8*
# kdb5_ldap_util is also listed under the server-ldap file list.
%if !%bootstrap
%{_sbindir}/kdb5_ldap_util
%{_mandir}/man8/kdb5_ldap_util.8*
%endif
%{_sbindir}/kprop
%{_mandir}/man8/kprop.8*
%{_sbindir}/kpropd
%{_mandir}/man8/kpropd.8*
%{_sbindir}/kproplog
%{_mandir}/man8/kproplog.8*
%{_sbindir}/krb5kdc
%{_mandir}/man8/krb5kdc.8*
# NOTE(review): sim_server, sclient and sserver are sample/test programs.
# They are packaged for the devel subpackage as well; consider whether a
# production KDC host needs them installed at all.
%{_sbindir}/sim_server

# This is here for people who want to test their server, and also
# included in devel package for similar reasons.
%{_bindir}/sclient
%{_mandir}/man1/sclient.1*
%{_sbindir}/sserver
%{_mandir}/man8/sserver.8*

%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/authdata
475
476
477 %files -n %{libname}
478 %{_libdir}/libgssapi_krb5.so.*
479 %{_libdir}/libgssrpc.so.*
480 %{_libdir}/libk5crypto.so.*
481 %{_libdir}/libkrb5.so.*
482 %{_libdir}/libkrb5support.so.*
483 %{_libdir}/libkadm5clnt_mit.so.*
484 %{_libdir}/libkadm5srv_mit.so.*
485 %{_libdir}/libkdb5.so.*
486 %dir %{_libdir}/krb5
487 %dir %{_libdir}/krb5/plugins
488 %dir %{_libdir}/krb5/plugins/*
489 %{_libdir}/krb5/plugins/preauth/encrypted_challenge.so
490 %{_libdir}/krb5/plugins/kdb/db2.so
491
492 %files -n %{libname}-devel
493 %doc doc/api
494 %doc doc/implement
495 %doc doc/kadm5
496 %doc doc/kadmin
497 %doc doc/krb5-protocol
498 %doc doc/rpc
499 %multiarch %{multiarch_bindir}/krb5-config
500 %multiarch %{multiarch_includedir}/gssapi/gssapi.h
501 %multiarch %{multiarch_includedir}/gssrpc/types.h
502 %multiarch %{multiarch_includedir}/krb5.h
503 %{_includedir}/*.h
504 %{_includedir}/gssapi
505 %{_includedir}/gssrpc
506 %{_includedir}/kadm5
507 %{_includedir}/krb5
508 %{_bindir}/krb5-config
509 %{_libdir}/libgssapi_krb5.so
510 %{_libdir}/libgssrpc.so
511 %{_libdir}/libk5crypto.so
512 %{_libdir}/libkadm5clnt.so
513 %{_libdir}/libkadm5clnt_mit.so
514 %{_libdir}/libkadm5srv.so
515 %{_libdir}/libkadm5srv_mit.so
516 %{_libdir}/libkdb5.so
517 %{_libdir}/libkrb5.so
518 %{_libdir}/libkrb5support.so
519 %{_bindir}/sclient
520 %{_mandir}/man1/sclient.1*
521 %{_sbindir}/sserver
522 %{_mandir}/man8/sserver.8*
523 %{_mandir}/man1/krb5-config.1*
524
525 # Protocol test clients
526 %{_bindir}/sim_client
527 %{_bindir}/gss-client
528 %{_bindir}/uuclient
529
530 # Protocol test servers
531 %{_sbindir}/gss-server
532 %{_sbindir}/uuserver
533 %{_mandir}/man5/.k5login.5*
534 %{_mandir}/man5/krb5.conf.5*
535
536 %files pkinit-openssl
537 %dir %{_libdir}/krb5
538 %dir %{_libdir}/krb5/plugins
539 %dir %{_libdir}/krb5/plugins/preauth
540 %{_libdir}/krb5/plugins/preauth/pkinit.so
541
542 %files server-ldap
543 %doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
544 %doc src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema
545 %dir %{_libdir}/krb5
546 %dir %{_libdir}/krb5/plugins
547 %dir %{_libdir}/krb5/plugins/kdb
548 %if !%bootstrap
549 %{_libdir}/krb5/plugins/kdb/kldap.so
550 %{_libdir}/libkdb_ldap.so
551 %{_libdir}/libkdb_ldap.so.*
552 %{_sbindir}/kdb5_ldap_util
553 %endif
554
