From ebe2f14d13d4affdfc1c1cbec9468f389c942b56cf3c19420ba034a6ab2491ae Mon Sep 17 00:00:00 2001
From: Michael Calmer
Date: Sun, 13 Jan 2013 16:54:32 +0000
Subject: [PATCH] - update to version 1.11 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - revert the -p usage in %postun to fix SLE build - update to version 1.11 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=81
---
 krb5-1.10-buildconf.patch | 22 +-
 krb5-1.10-gcc47.patch | 12 -
 krb5-1.10-selinux-label.patch | 999 ----------------------------------
 krb5-1.10.2.tar.bz2 | 3 -
 krb5-1.11.tar.bz2 | 3 +
 krb5-1.3.5-perlfix.dif | 9 -
 krb5-1.6.3-ktutil-manpage.dif | 17 +-
 krb5-1.8-manpaths.txt | 7 -
 krb5-1.8-pam.patch | 40 +-
 krb5-1.9-kprop-mktemp.patch | 10 +-
 krb5-1.9-manpaths.dif | 212 +-------
 krb5-doc-rpmlintrc | 2 -
 krb5-doc.changes | 196 -------
 krb5-doc.spec | 91 ----
 krb5-mini.changes | 16 +
 krb5-mini.spec | 94 ++--
 krb5.changes | 11 +
 krb5.spec | 88 +--
 18 files changed, 190 insertions(+), 1642 deletions(-)
 delete mode 100644 krb5-1.10-gcc47.patch
 delete mode 100644 krb5-1.10-selinux-label.patch
 delete mode 100644 krb5-1.10.2.tar.bz2
 create mode 100644 krb5-1.11.tar.bz2
 delete mode 100644 krb5-1.3.5-perlfix.dif
 delete mode 100644 krb5-1.8-manpaths.txt
 delete mode 100644 krb5-doc-rpmlintrc
 delete mode 100644 krb5-doc.changes
 delete mode 100644 krb5-doc.spec
diff --git a/krb5-1.10-buildconf.patch b/krb5-1.10-buildconf.patch
index d7f5ed9..b62e1cf 100644
--- a/krb5-1.10-buildconf.patch
+++ b/krb5-1.10-buildconf.patch
@@ -4,10 +4,10 @@ the -L/usr/lib* and PIE flags where they might leak out and affect apps which just want to link with the libraries. FIXME: needs to check and not just assume that the compiler supports using these flags. -Index: krb5-1.10.2/src/config/shlib.conf +Index: krb5-1.11/src/config/shlib.conf =================================================================== ---- krb5-1.10.2.orig/src/config/shlib.conf -+++ krb5-1.10.2/src/config/shlib.conf +--- krb5-1.11.orig/src/config/shlib.conf ++++ krb5-1.11/src/config/shlib.conf @@ -419,7 +419,7 @@ mips-*-netbsd*) SHLIBEXT=.so # Linux ld doesn't default to stuffing the SONAME field... @@ -27,11 +27,11 @@ Index: krb5-1.10.2/src/config/shlib.conf CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)' CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)' CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)' -Index: krb5-1.10.2/src/krb5-config.in +Index: krb5-1.11/src/krb5-config.in =================================================================== ---- krb5-1.10.2.orig/src/krb5-config.in -+++ krb5-1.10.2/src/krb5-config.in -@@ -189,6 +189,13 @@ if test -n "$do_libs"; then +--- krb5-1.11.orig/src/krb5-config.in ++++ krb5-1.11/src/krb5-config.in +@@ -221,6 +221,13 @@ if test -n "$do_libs"; then -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \ -e 's#\$(CFLAGS)##'` 
@@ -45,11 +45,11 @@ Index: krb5-1.10.2/src/krb5-config.in
 if test $library = 'kdb'; then
 lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
 library=krb5
-Index: krb5-1.10.2/src/config/pre.in
+Index: krb5-1.11/src/config/pre.in
 ===================================================================
---- krb5-1.10.2.orig/src/config/pre.in
-+++ krb5-1.10.2/src/config/pre.in
-@@ -190,7 +190,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST
+--- krb5-1.11.orig/src/config/pre.in
++++ krb5-1.11/src/config/pre.in
+@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST
 INSTALL_SCRIPT=@INSTALL_PROGRAM@
 INSTALL_DATA=@INSTALL_DATA@
 INSTALL_SHLIB=@INSTALL_SHLIB@
diff --git a/krb5-1.10-gcc47.patch b/krb5-1.10-gcc47.patch
deleted file mode 100644
index 5831fba..0000000
--- a/krb5-1.10-gcc47.patch
+++ /dev/null
@@ -1,12 +0,0 @@
-This file also triggers the maybe-uninitialized warning/error. RT#7080
-
---- src/lib/krb5/krb/x-deltat.y
-+++ src/lib/krb5/krb/x-deltat.y
-@@ -44,6 +44,7 @@
- #ifdef __GNUC__
- #pragma GCC diagnostic push
- #pragma GCC diagnostic ignored "-Wuninitialized"
-+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
- #endif
-
- #include
diff --git a/krb5-1.10-selinux-label.patch b/krb5-1.10-selinux-label.patch
deleted file mode 100644
index bf9a9f0..0000000
--- a/krb5-1.10-selinux-label.patch
+++ /dev/null
@@ -1,999 +0,0 @@ -SELinux bases access to files on the domain of the requesting process, -the operation being performed, and the context applied to the file. - -In many cases, applications needn't be SELinux aware to work properly, -because SELinux can apply a default label to a file based on the label -of the directory in which it's created. - -In the case of files such as /etc/krb5.keytab, however, this isn't -sufficient, as /etc/krb5.keytab will almost always need to be given a -label which differs from that of /etc/issue or /etc/resolv.conf. The -the kdb stash file needs a different label than the database for which -it's holding a master key, even though both typically live in the same -directory. - -To give the file the correct label, we can either force a "restorecon" -call to fix a file's label after it's created, or create the file with -the right label, as we attempt to do here. We lean on THREEPARAMOPEN -and define a similar macro named WRITABLEFOPEN with which we replace -several uses of fopen(). - -The file creation context that we're manipulating here is a process-wide -attribute. While for the most part, applications which need to label -files when they're created have tended to be single-threaded, there's -not much we can do to avoid interfering with an application that -manipulates the creation context directly. Right now we're mediating -access using a library-local mutex, but that can only work for consumers -that are part of this package -- an unsuspecting application will still -stomp all over us. - -The selabel APIs for looking up the context should be thread-safe (per -Red Hat #273081), so switching to using them instead of matchpathcon(), -which we used earlier, is some improvement. 
- -Index: krb5-1.10.2/src/aclocal.m4 -=================================================================== ---- krb5-1.10.2.orig/src/aclocal.m4 -+++ krb5-1.10.2/src/aclocal.m4 -@@ -84,6 +84,7 @@ AC_SUBST_FILE(libnodeps_frag) - dnl - KRB5_AC_PRAGMA_WEAK_REF - WITH_LDAP -+KRB5_WITH_SELINUX - KRB5_LIB_PARAMS - KRB5_AC_INITFINI - KRB5_AC_ENABLE_THREADS -@@ -1764,3 +1765,51 @@ AC_SUBST(manlocalstatedir) - AC_SUBST(manlibexecdir) - AC_CONFIG_FILES($1) - ]) -+dnl -+dnl Use libselinux to set file contexts on newly-created files. -+dnl -+AC_DEFUN(KRB5_WITH_SELINUX,[ -+AC_ARG_WITH(selinux,[AC_HELP_STRING(--with-selinux,[compile with SELinux labeling support])], -+ withselinux="$withval",withselinux=auto) -+old_LIBS="$LIBS" -+if test "$withselinux" != no ; then -+ AC_MSG_RESULT([checking for libselinux...]) -+ SELINUX_LIBS= -+ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h) -+ if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then -+ if test "$withselinux" = auto ; then -+ AC_MSG_RESULT([Unable to locate selinux/selinux.h.]) -+ withselinux=no -+ else -+ AC_MSG_ERROR([Unable to locate selinux/selinux.h.]) -+ fi -+ fi -+ -+ LIBS= -+ unset ac_cv_func_setfscreatecon -+ AC_CHECK_FUNCS(setfscreatecon selabel_open) -+ if test "x$ac_cv_func_setfscreatecon" = xno ; then -+ AC_CHECK_LIB(selinux,setfscreatecon) -+ unset ac_cv_func_setfscreatecon -+ AC_CHECK_FUNCS(setfscreatecon selabel_open) -+ if test "x$ac_cv_func_setfscreatecon" = xyes ; then -+ SELINUX_LIBS="$LIBS" -+ else -+ if test "$withselinux" = auto ; then -+ AC_MSG_RESULT([Unable to locate libselinux.]) -+ withselinux=no -+ else -+ AC_MSG_ERROR([Unable to locate libselinux.]) -+ fi -+ fi -+ fi -+ if test "$withselinux" != no ; then -+ AC_MSG_NOTICE([building with SELinux labeling support]) -+ AC_DEFINE(USE_SELINUX,1,[Define if Kerberos-aware tools should set SELinux file contexts when creating files.]) -+ SELINUX_LIBS="$LIBS" -+ EXTRA_SUPPORT_SYMS="$EXTRA_SUPPORT_SYMS krb5int_labeled_open krb5int_labeled_fopen 
krb5int_push_fscreatecon_for krb5int_pop_fscreatecon" -+ fi -+fi -+LIBS="$old_LIBS" -+AC_SUBST(SELINUX_LIBS) -+])dnl -Index: krb5-1.10.2/src/config/pre.in -=================================================================== ---- krb5-1.10.2.orig/src/config/pre.in -+++ krb5-1.10.2/src/config/pre.in -@@ -182,6 +182,7 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PR - LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@ - LDARGS = @LDARGS@ - LIBS = @LIBS@ -+SELINUX_LIBS=@SELINUX_LIBS@ - - INSTALL=@INSTALL@ - INSTALL_STRIP= -@@ -406,7 +407,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) - # HESIOD_LIBS is -lhesiod... - HESIOD_LIBS = @HESIOD_LIBS@ - --KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(DL_LIB) -+KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB) - KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) - GSS_LIBS = $(GSS_KRB5_LIB) - # needs fixing if ever used on Mac OS X! -Index: krb5-1.10.2/src/configure.in -=================================================================== ---- krb5-1.10.2.orig/src/configure.in -+++ krb5-1.10.2/src/configure.in -@@ -1248,6 +1248,8 @@ AC_SUBST(localedir) - - KRB5_WITH_PAM - -+KRB5_WITH_SELINUX -+ - AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) - - V5_AC_OUTPUT_MANPAGE([ -Index: krb5-1.10.2/src/include/k5-int.h -=================================================================== ---- krb5-1.10.2.orig/src/include/k5-int.h -+++ krb5-1.10.2/src/include/k5-int.h -@@ -135,6 +135,7 @@ typedef unsigned char u_char; - typedef UINT64_TYPE krb5_ui_8; - typedef INT64_TYPE krb5_int64; - -+#include "k5-label.h" - - #define DEFAULT_PWD_STRING1 "Enter password" - #define DEFAULT_PWD_STRING2 "Re-enter password for verification" -Index: krb5-1.10.2/src/include/k5-label.h -=================================================================== ---- /dev/null -+++ krb5-1.10.2/src/include/k5-label.h -@@ -0,0 +1,32 @@ -+#ifndef _KRB5_LABEL_H -+#define _KRB5_LABEL_H 
-+ -+#ifdef THREEPARAMOPEN -+#undef THREEPARAMOPEN -+#endif -+#ifdef WRITABLEFOPEN -+#undef WRITABLEFOPEN -+#endif -+ -+/* Wrapper functions which help us create files and directories with the right -+ * context labels. */ -+#ifdef USE_SELINUX -+#include -+#include -+#include -+#include -+#include -+FILE *krb5int_labeled_fopen(const char *path, const char *mode); -+int krb5int_labeled_creat(const char *path, mode_t mode); -+int krb5int_labeled_open(const char *path, int flags, ...); -+int krb5int_labeled_mkdir(const char *path, mode_t mode); -+int krb5int_labeled_mknod(const char *path, mode_t mode, dev_t device); -+#define THREEPARAMOPEN(x,y,z) krb5int_labeled_open(x,y,z) -+#define WRITABLEFOPEN(x,y) krb5int_labeled_fopen(x,y) -+void *krb5int_push_fscreatecon_for(const char *pathname); -+void krb5int_pop_fscreatecon(void *previous); -+#else -+#define WRITABLEFOPEN(x,y) fopen(x,y) -+#define THREEPARAMOPEN(x,y,z) open(x,y,z) -+#endif -+#endif -Index: krb5-1.10.2/src/include/krb5/krb5.hin -=================================================================== ---- krb5-1.10.2.orig/src/include/krb5/krb5.hin -+++ krb5-1.10.2/src/include/krb5/krb5.hin -@@ -83,6 +83,12 @@ - #define THREEPARAMOPEN(x,y,z) open(x,y,z) - #endif - -+#if KRB5_PRIVATE -+#ifndef WRITABLEFOPEN -+#define WRITABLEFOPEN(x,y) fopen(x,y) -+#endif -+#endif -+ - #define KRB5_OLD_CRYPTO - - #include -Index: krb5-1.10.2/src/kadmin/dbutil/dump.c -=================================================================== ---- krb5-1.10.2.orig/src/kadmin/dbutil/dump.c -+++ krb5-1.10.2/src/kadmin/dbutil/dump.c -@@ -346,7 +346,7 @@ void update_ok_file (file_name) - exit_status++; - return; - } -- if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { -+ if ((fd = THREEPARAMOPEN(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) { - com_err(progname, errno, _("while creating 'ok' file, '%s'"), - file_ok); - exit_status++; -@@ -1251,7 +1251,7 @@ dump_db(argc, argv) - * want to get into. 
- */ - unlink(ofile); -- if (!(f = fopen(ofile, "w"))) { -+ if (!(f = WRITABLEFOPEN(ofile, "w"))) { - fprintf(stderr, ofopen_error, - progname, ofile, error_message(errno)); - exit_status++; -Index: krb5-1.10.2/src/krb5-config.in -=================================================================== ---- krb5-1.10.2.orig/src/krb5-config.in -+++ krb5-1.10.2/src/krb5-config.in -@@ -38,6 +38,7 @@ RPATH_FLAG='@RPATH_FLAG@' - PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@' - PTHREAD_CFLAGS='@PTHREAD_CFLAGS@' - DL_LIB='@DL_LIB@' -+SELINUX_LIBS='@SELINUX_LIBS@' - - LIBS='@LIBS@' - GEN_LIB=@GEN_LIB@ -@@ -218,7 +219,7 @@ if test -n "$do_libs"; then - fi - - # If we ever support a flag to generate output suitable for static -- # linking, we would output "-lkrb5support $GEN_LIB $LIBS $DL_LIB" -+ # linking, we would output "-lkrb5support $GEN_LIB $LIBS $SELINUX_LIBS $DL_LIB" - # here. - - echo $lib_flags -Index: krb5-1.10.2/src/lib/kadm5/logger.c -=================================================================== ---- krb5-1.10.2.orig/src/lib/kadm5/logger.c -+++ krb5-1.10.2/src/lib/kadm5/logger.c -@@ -423,7 +423,7 @@ krb5_klog_init(krb5_context kcontext, ch - * Check for append/overwrite, then open the file. - */ - if (cp[4] == ':' || cp[4] == '=') { -- f = fopen(&cp[5], (cp[4] == ':') ? "a" : "w"); -+ f = WRITABLEFOPEN(&cp[5], (cp[4] == ':') ? "a" : "w"); - if (f) { - set_cloexec_file(f); - log_control.log_entries[i].lfu_filep = f; -@@ -959,7 +959,7 @@ krb5_klog_reopen(krb5_context kcontext) - * In case the old logfile did not get moved out of the - * way, open for append to prevent squashing the old logs. 
- */ -- f = fopen(log_control.log_entries[lindex].lfu_fname, "a+"); -+ f = WRITABLEFOPEN(log_control.log_entries[lindex].lfu_fname, "a+"); - if (f) { - set_cloexec_file(f); - log_control.log_entries[lindex].lfu_filep = f; -Index: krb5-1.10.2/src/lib/krb5/keytab/kt_file.c -=================================================================== ---- krb5-1.10.2.orig/src/lib/krb5/keytab/kt_file.c -+++ krb5-1.10.2/src/lib/krb5/keytab/kt_file.c -@@ -1039,7 +1039,7 @@ krb5_ktfileint_open(krb5_context context - - KTCHECKLOCK(id); - errno = 0; -- KTFILEP(id) = fopen(KTFILENAME(id), -+ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), - (mode == KRB5_LOCKMODE_EXCLUSIVE) ? - fopen_mode_rbplus : fopen_mode_rb); - if (!KTFILEP(id)) { -@@ -1047,7 +1047,7 @@ krb5_ktfileint_open(krb5_context context - /* try making it first time around */ - krb5_create_secure_file(context, KTFILENAME(id)); - errno = 0; -- KTFILEP(id) = fopen(KTFILENAME(id), fopen_mode_rbplus); -+ KTFILEP(id) = WRITABLEFOPEN(KTFILENAME(id), fopen_mode_rbplus); - if (!KTFILEP(id)) - goto report_errno; - writevno = 1; -Index: krb5-1.10.2/src/plugins/kdb/db2/adb_openclose.c -=================================================================== ---- krb5-1.10.2.orig/src/plugins/kdb/db2/adb_openclose.c -+++ krb5-1.10.2/src/plugins/kdb/db2/adb_openclose.c -@@ -197,7 +197,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char - * POSIX systems - */ - lockp->lockinfo.filename = strdup(lockfilename); -- if ((lockp->lockinfo.lockfile = fopen(lockfilename, "r+")) == NULL) { -+ if ((lockp->lockinfo.lockfile = WRITABLEFOPEN(lockfilename, "r+")) == NULL) { - /* - * maybe someone took away write permission so we could only - * get shared locks? 
-Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/btree/bt_open.c -=================================================================== ---- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c -+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/btree/bt_open.c -@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8. - - #include "k5-platform.h" /* mkstemp? */ - -+#include "k5-int.h" - #include "db-int.h" - #include "btree.h" - -@@ -203,7 +204,7 @@ __bt_open(fname, flags, mode, openinfo, - goto einval; - } - -- if ((t->bt_fd = open(fname, flags | O_BINARY, mode)) < 0) -+ if ((t->bt_fd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) - goto err; - - } else { -Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/hash/hash.c -=================================================================== ---- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/hash/hash.c -+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/hash/hash.c -@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 - #include - #endif - -+#include "k5-int.h" - #include "db-int.h" - #include "hash.h" - #include "page.h" -@@ -140,7 +141,7 @@ __kdb2_hash_open(file, flags, mode, info - new_table = 1; - } - if (file) { -- if ((hashp->fp = open(file, flags|O_BINARY, mode)) == -1) -+ if ((hashp->fp = THREEPARAMOPEN(file, flags|O_BINARY, mode)) == -1) - RETURN_ERROR(errno, error0); - (void)fcntl(hashp->fp, F_SETFD, 1); - } -Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/test/Makefile.in -=================================================================== ---- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/test/Makefile.in -+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/test/Makefile.in -@@ -12,7 +12,8 @@ PROG_RPATH=$(KRB5_LIBDIR) - - KRB5_RUN_ENV= @KRB5_RUN_ENV@ - --DB_LIB = -ldb -+DB_LIB = -ldb $(SUPPORT_DEPLIB) -+ - DB_DEPLIB = ../libdb$(DEPLIBEXT) - - all:: -Index: krb5-1.10.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -=================================================================== ---- 
krb5-1.10.2.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -+++ krb5-1.10.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c -@@ -1088,7 +1088,7 @@ rem_service_entry_from_file(int argc, ch - - /* Create a temporary file which contains all the entries except the - entry for the given service dn */ -- pfile = fopen(file_name, "r+"); -+ pfile = WRITABLEFOPEN(file_name, "r+"); - if (pfile == NULL) { - com_err(me, errno, "while deleting entry from file %s", file_name); - goto cleanup; -@@ -1105,7 +1105,7 @@ rem_service_entry_from_file(int argc, ch - snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp"); - - -- tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR); -+ tmpfd = THREEPARAMOPEN(tmp_file, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR); - umask(omask); - if (tmpfd == -1) { - com_err(me, errno, "while deleting entry from file\n"); -@@ -1725,7 +1725,7 @@ kdb5_ldap_set_service_password(int argc, - - printf("File does not exist. Creating the file %s...\n", file_name); - omask = umask(077); -- fd = creat(file_name, S_IRUSR|S_IWUSR); -+ fd = THREEPARAMOPEN(file_name, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR); - umask(omask); - if (fd == -1) { - com_err(me, errno, "Error creating file %s", file_name); -@@ -1753,7 +1753,7 @@ kdb5_ldap_set_service_password(int argc, - - /* TODO: file lock for the service password file */ - /* set password in the file */ -- pfile = fopen(file_name, "r+"); -+ pfile = WRITABLEFOPEN(file_name, "r+"); - if (pfile == NULL) { - com_err(me, errno, "Failed to open file %s", file_name); - goto cleanup; -@@ -1794,7 +1794,7 @@ kdb5_ldap_set_service_password(int argc, - } - - omask = umask(077); -- newfile = fopen(tmp_file, "w+"); -+ newfile = WRITABLEFOPEN(tmp_file, "w+"); - umask(omask); - if (newfile == NULL) { - com_err(me, errno, "Error creating file %s", tmp_file); -@@ -2016,7 +2016,7 @@ done: - - /* set password in the file */ - old_mode = umask(0177); -- pfile = fopen(file_name, "a+"); -+ pfile = WRITABLEFOPEN(file_name, 
"a+"); - if (pfile == NULL) { - com_err(me, errno, _("Failed to open file %s: %s"), file_name, - strerror (errno)); -@@ -2068,7 +2068,7 @@ done: - } - - omask = umask(077); -- newfile = fopen(tmp_file, "w"); -+ newfile = WRITABLEFOPEN(tmp_file, "w"); - umask (omask); - if (newfile == NULL) { - com_err(me, errno, _("Error creating file %s"), tmp_file); -Index: krb5-1.10.2/src/slave/kpropd.c -=================================================================== ---- krb5-1.10.2.orig/src/slave/kpropd.c -+++ krb5-1.10.2/src/slave/kpropd.c -@@ -336,7 +336,7 @@ retry: - if (!debug && iproprole != IPROP_SLAVE) - daemon(1, 0); - #ifdef PID_FILE -- if ((pidfile = fopen(PID_FILE, "w")) != NULL) { -+ if ((pidfile = WRITABLEFOPEN(PID_FILE, "w")) != NULL) { - fprintf(pidfile, "%d\n", getpid()); - fclose(pidfile); - } else -@@ -437,6 +437,9 @@ void doit(fd) - krb5_enctype etype; - int database_fd; - char host[INET6_ADDRSTRLEN+1]; -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - if (kpropd_context->kdblog_context && - kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) { -@@ -515,9 +518,15 @@ void doit(fd) - free(name); - exit(1); - } -+#ifdef USE_SELINUX -+ selabel = krb5int_push_fscreatecon_for(file); -+#endif - omask = umask(077); - lock_fd = open(temp_file_name, O_RDWR|O_CREAT, 0600); - (void) umask(omask); -+#ifdef USE_SELINUX -+ krb5int_pop_fscreatecon(selabel); -+#endif - retval = krb5_lock_file(kpropd_context, lock_fd, - KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK); - if (retval) { -Index: krb5-1.10.2/src/util/profile/prof_file.c -=================================================================== ---- krb5-1.10.2.orig/src/util/profile/prof_file.c -+++ krb5-1.10.2/src/util/profile/prof_file.c -@@ -30,6 +30,7 @@ - #endif - - #include "k5-platform.h" -+#include "k5-label.h" - - struct global_shared_profile_data { - /* This is the head of the global list of shared trees */ -@@ -423,7 +424,7 @@ static errcode_t write_data_to_file(prf_ - - errno = 0; - -- f = 
fopen(new_file, "w"); -+ f = WRITABLEFOPEN(new_file, "w"); - if (!f) { - retval = errno; - if (retval == 0) -Index: krb5-1.10.2/src/util/support/Makefile.in -=================================================================== ---- krb5-1.10.2.orig/src/util/support/Makefile.in -+++ krb5-1.10.2/src/util/support/Makefile.in -@@ -64,6 +64,7 @@ IPC_SYMS= \ - - STLIBOBJS= \ - threads.o \ -+ selinux.o \ - init-addrinfo.o \ - plugins.o \ - errors.o \ -@@ -127,7 +128,7 @@ SRCS=\ - - SHLIB_EXPDEPS = - # Add -lm if dumping thread stats, for sqrt. --SHLIB_EXPLIBS= $(LIBS) $(DL_LIB) -+SHLIB_EXPLIBS= $(LIBS) $(SELINUX_LIBS) $(DL_LIB) - SHLIB_DIRS= - SHLIB_RDIRS=$(KRB5_LIBDIR) - -Index: krb5-1.10.2/src/util/support/selinux.c -=================================================================== ---- /dev/null -+++ krb5-1.10.2/src/util/support/selinux.c -@@ -0,0 +1,372 @@ -+/* -+ * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved. -+ * -+ * Redistribution and use in source and binary forms, with or without -+ * modification, are permitted provided that the following conditions are met: -+ * -+ * Redistributions of source code must retain the above copyright notice, this -+ * list of conditions and the following disclaimer. -+ * -+ * Redistributions in binary form must reproduce the above copyright notice, -+ * this list of conditions and the following disclaimer in the documentation -+ * and/or other materials provided with the distribution. -+ * -+ * Neither the name of Red Hat, Inc. nor the names of its contributors may be -+ * used to endorse or promote products derived from this software without -+ * specific prior written permission. -+ * -+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -+ * ARE DISCLAIMED. 
IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE -+ * LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -+ * POSSIBILITY OF SUCH DAMAGE. -+ * -+ * File-opening wrappers for creating correctly-labeled files. So far, we can -+ * assume that this is Linux-specific, so we make many simplifying assumptions. -+ */ -+ -+#include "../../include/autoconf.h" -+ -+#ifdef USE_SELINUX -+ -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#include -+#ifdef HAVE_SELINUX_LABEL_H -+#include -+#endif -+ -+/* #define DEBUG 1 */ -+ -+/* Mutex used to serialize use of the process-global file creation context. */ -+k5_mutex_t labeled_mutex = K5_MUTEX_PARTIAL_INITIALIZER; -+ -+/* Make sure we finish initializing that mutex before attempting to use it. 
*/ -+k5_once_t labeled_once = K5_ONCE_INIT; -+static void -+label_mutex_init(void) -+{ -+ k5_mutex_finish_init(&labeled_mutex); -+} -+ -+static security_context_t -+push_fscreatecon(const char *pathname, mode_t mode) -+{ -+ security_context_t previous, configuredsc, currentsc, derivedsc; -+ context_t current, derived; -+ const char *fullpath, *currentuser; -+#ifdef HAVE_SELINUX_LABEL_H -+ struct selabel_handle *ctx; -+#endif -+ -+ previous = NULL; -+ if (is_selinux_enabled()) { -+ if (getfscreatecon(&previous) == 0) { -+ char *genpath; -+ genpath = NULL; -+ if (pathname[0] != '/') { -+ char *wd; -+ size_t len; -+ len = 0; -+ wd = getcwd(NULL, len); -+ if (wd == NULL) { -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ return NULL; -+ } -+ len = strlen(wd) + 1 + strlen(pathname) + 1; -+ genpath = malloc(len); -+ if (genpath == NULL) { -+ free(wd); -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ return NULL; -+ } -+ sprintf(genpath, "%s/%s", wd, pathname); -+ free(wd); -+ fullpath = genpath; -+ } else { -+ fullpath = pathname; -+ } -+#ifdef DEBUG -+ if (isatty(fileno(stderr))) { -+ fprintf(stderr, "Looking up context for " -+ "\"%s\"(%05o).\n", fullpath, mode); -+ } -+#endif -+ configuredsc = NULL; -+#ifdef HAVE_SELINUX_LABEL_H -+ ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0); -+ if (ctx != NULL) { -+ if (selabel_lookup(ctx, &configuredsc, -+ fullpath, mode) != 0) { -+ selabel_close(ctx); -+ free(genpath); -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ return NULL; -+ } -+ selabel_close(ctx); -+ } -+#else -+ if (matchpathcon(fullpath, mode, &configuredsc) != 0) { -+ free(genpath); -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ return NULL; -+ } -+#endif -+ free(genpath); -+ if (configuredsc == NULL) { -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ return NULL; -+ } -+ currentsc = NULL; -+ getcon(¤tsc); -+ if (currentsc != NULL) { -+ derived = context_new(configuredsc); -+ if (derived != NULL) { -+ current = 
context_new(currentsc); -+ if (current != NULL) { -+ currentuser = context_user_get(current); -+ if (currentuser != NULL) { -+ if (context_user_set(derived, -+ currentuser) == 0) { -+ derivedsc = context_str(derived); -+ if (derivedsc != NULL) { -+ freecon(configuredsc); -+ configuredsc = strdup(derivedsc); -+ } -+ } -+ } -+ context_free(current); -+ } -+ context_free(derived); -+ } -+ freecon(currentsc); -+ } -+#ifdef DEBUG -+ if (isatty(fileno(stderr))) { -+ fprintf(stderr, "Setting file creation context " -+ "to \"%s\".\n", configuredsc); -+ } -+#endif -+ if (setfscreatecon(configuredsc) != 0) { -+ freecon(configuredsc); -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ return NULL; -+ } -+ freecon(configuredsc); -+#ifdef DEBUG -+ } else { -+ if (isatty(fileno(stderr))) { -+ fprintf(stderr, "Unable to determine " -+ "current context.\n"); -+ } -+#endif -+ } -+ } -+ return previous; -+} -+ -+static void -+pop_fscreatecon(security_context_t previous) -+{ -+ if (is_selinux_enabled()) { -+#ifdef DEBUG -+ if (isatty(fileno(stderr))) { -+ if (previous != NULL) { -+ fprintf(stderr, "Resetting file creation " -+ "context to \"%s\".\n", previous); -+ } else { -+ fprintf(stderr, "Resetting file creation " -+ "context to default.\n"); -+ } -+ } -+#endif -+ setfscreatecon(previous); -+ if (previous != NULL) { -+ freecon(previous); -+ } -+ } -+} -+ -+void * -+krb5int_push_fscreatecon_for(const char *pathname) -+{ -+ struct stat st; -+ void *retval; -+ k5_once(&labeled_once, label_mutex_init); -+ if (k5_mutex_lock(&labeled_mutex) == 0) { -+ if (stat(pathname, &st) != 0) { -+ st.st_mode = S_IRUSR | S_IWUSR; -+ } -+ retval = push_fscreatecon(pathname, st.st_mode); -+ return retval ? retval : (void *) -1; -+ } else { -+ return NULL; -+ } -+} -+ -+void -+krb5int_pop_fscreatecon(void *con) -+{ -+ if (con != NULL) { -+ pop_fscreatecon((con == (void *) -1) ? 
NULL : con); -+ k5_mutex_unlock(&labeled_mutex); -+ } -+} -+ -+FILE * -+krb5int_labeled_fopen(const char *path, const char *mode) -+{ -+ FILE *fp; -+ int errno_save; -+ security_context_t ctx; -+ -+ if (strcmp(mode, "r") == 0) { -+ return fopen(path, mode); -+ } -+ -+ k5_once(&labeled_once, label_mutex_init); -+ if (k5_mutex_lock(&labeled_mutex) == 0) { -+ ctx = push_fscreatecon(path, 0); -+ fp = fopen(path, mode); -+ errno_save = errno; -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ errno = errno_save; -+ } else { -+ fp = fopen(path, mode); -+ } -+ -+ return fp; -+} -+ -+int -+krb5int_labeled_creat(const char *path, mode_t mode) -+{ -+ int fd; -+ int errno_save; -+ security_context_t ctx; -+ -+ k5_once(&labeled_once, label_mutex_init); -+ if (k5_mutex_lock(&labeled_mutex) == 0) { -+ ctx = push_fscreatecon(path, 0); -+ fd = creat(path, mode); -+ errno_save = errno; -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ errno = errno_save; -+ } else { -+ fd = creat(path, mode); -+ } -+ return fd; -+} -+ -+int -+krb5int_labeled_mknod(const char *path, mode_t mode, dev_t dev) -+{ -+ int ret; -+ int errno_save; -+ security_context_t ctx; -+ -+ k5_once(&labeled_once, label_mutex_init); -+ if (k5_mutex_lock(&labeled_mutex) == 0) { -+ ctx = push_fscreatecon(path, mode); -+ ret = mknod(path, mode, dev); -+ errno_save = errno; -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ errno = errno_save; -+ } else { -+ ret = mknod(path, mode, dev); -+ } -+ return ret; -+} -+ -+int -+krb5int_labeled_mkdir(const char *path, mode_t mode) -+{ -+ int ret; -+ int errno_save; -+ security_context_t ctx; -+ -+ k5_once(&labeled_once, label_mutex_init); -+ if (k5_mutex_lock(&labeled_mutex) == 0) { -+ ctx = push_fscreatecon(path, S_IFDIR); -+ ret = mkdir(path, mode); -+ errno_save = errno; -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ errno = errno_save; -+ } else { -+ ret = mkdir(path, mode); -+ } -+ return ret; -+} -+ -+int 
-+krb5int_labeled_open(const char *path, int flags, ...) -+{ -+ int fd; -+ int errno_save; -+ security_context_t ctx; -+ mode_t mode; -+ va_list ap; -+ -+ if ((flags & O_CREAT) == 0) { -+ return open(path, flags); -+ } -+ -+ k5_once(&labeled_once, label_mutex_init); -+ if (k5_mutex_lock(&labeled_mutex) == 0) { -+ ctx = push_fscreatecon(path, 0); -+ -+ va_start(ap, flags); -+ mode = va_arg(ap, mode_t); -+ fd = open(path, flags, mode); -+ va_end(ap); -+ -+ errno_save = errno; -+ pop_fscreatecon(ctx); -+ k5_mutex_unlock(&labeled_mutex); -+ errno = errno_save; -+ } else { -+ va_start(ap, flags); -+ mode = va_arg(ap, mode_t); -+ fd = open(path, flags, mode); -+ errno_save = errno; -+ va_end(ap); -+ errno = errno_save; -+ } -+ return fd; -+} -+ -+#endif -Index: krb5-1.10.2/src/lib/krb5/rcache/rc_dfl.c -=================================================================== ---- krb5-1.10.2.orig/src/lib/krb5/rcache/rc_dfl.c -+++ krb5-1.10.2/src/lib/krb5/rcache/rc_dfl.c -@@ -812,6 +812,9 @@ krb5_rc_dfl_expunge_locked(krb5_context - krb5_error_code retval = 0; - krb5_rcache tmp; - krb5_deltat lifespan = t->lifespan; /* save original lifespan */ -+#ifdef USE_SELINUX -+ void *selabel; -+#endif - - if (! 
t->recovering) { - name = t->name; -@@ -833,7 +836,17 @@ krb5_rc_dfl_expunge_locked(krb5_context - retval = krb5_rc_resolve(context, tmp, 0); - if (retval) - goto cleanup; -+#ifdef USE_SELINUX -+ if (t->d.fn != NULL) -+ selabel = krb5int_push_fscreatecon_for(t->d.fn); -+ else -+ selabel = NULL; -+#endif - retval = krb5_rc_initialize(context, tmp, lifespan); -+#ifdef USE_SELINUX -+ if (selabel != NULL) -+ krb5int_pop_fscreatecon(selabel); -+#endif - if (retval) - goto cleanup; - for (q = t->a; q; q = q->na) { -Index: krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c -=================================================================== ---- krb5-1.10.2.orig/src/plugins/kdb/db2/kdb_db2.c -+++ krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c -@@ -683,8 +683,8 @@ ctx_create_db(krb5_context context, krb5 - if (retval) - return retval; - -- dbc->db_lf_file = open(dbc->db_lf_name, O_CREAT | O_RDWR | O_TRUNC, -- 0600); -+ dbc->db_lf_file = THREEPARAMOPEN(dbc->db_lf_name, -+ O_CREAT | O_RDWR | O_TRUNC, 0600); - if (dbc->db_lf_file < 0) { - retval = errno; - goto cleanup; -Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/recno/rec_open.c -=================================================================== ---- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c -+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/recno/rec_open.c -@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8 - #include - #include - -+#include "k5-int.h" - #include "db-int.h" - #include "recno.h" - -@@ -68,7 +69,8 @@ __rec_open(fname, flags, mode, openinfo, - int rfd = -1, sverrno; - - /* Open the user's file -- if this fails, we're done. 
*/ -- if (fname != NULL && (rfd = open(fname, flags | O_BINARY, mode)) < 0) -+ if (fname != NULL && -+ (rfd = THREEPARAMOPEN(fname, flags | O_BINARY, mode)) < 0) - return (NULL); - - if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { -Index: krb5-1.10.2/src/kdc/main.c -=================================================================== ---- krb5-1.10.2.orig/src/kdc/main.c -+++ krb5-1.10.2/src/kdc/main.c -@@ -909,7 +909,7 @@ write_pid_file(const char *path) - FILE *file; - unsigned long pid; - -- file = fopen(path, "w"); -+ file = WRITABLEFOPEN(path, "w"); - if (file == NULL) - return errno; - pid = (unsigned long) getpid(); -Index: krb5-1.10.2/src/lib/kdb/kdb_log.c -=================================================================== ---- krb5-1.10.2.orig/src/lib/kdb/kdb_log.c -+++ krb5-1.10.2/src/lib/kdb/kdb_log.c -@@ -566,7 +566,7 @@ ulog_map(krb5_context context, const cha - return (errno); - } - -- if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) { -+ if ((ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600)) == -1) { - return (errno); - } - -Index: krb5-1.10.2/src/util/gss-kernel-lib/Makefile.in -=================================================================== ---- krb5-1.10.2.orig/src/util/gss-kernel-lib/Makefile.in -+++ krb5-1.10.2/src/util/gss-kernel-lib/Makefile.in -@@ -66,6 +66,7 @@ HEADERS= \ - gssapi_err_generic.h \ - k5-int.h \ - k5-int-pkinit.h \ -+ k5-label.h \ - k5-thread.h \ - k5-platform.h \ - k5-buf.h \ -@@ -167,10 +168,12 @@ gssapi_generic.h: $(GSS_GENERIC)/gssapi_ - $(CP) $(GSS_GENERIC)/gssapi_generic.h $@ - gssapi_err_generic.h: $(GSS_GENERIC_BUILD)/gssapi_err_generic.h - $(CP) $(GSS_GENERIC_BUILD)/gssapi_err_generic.h $@ --k5-int.h: $(INCLUDE)/k5-int.h -+k5-int.h: $(INCLUDE)/k5-int.h k5-label.h - $(CP) $(INCLUDE)/k5-int.h $@ - k5-int-pkinit.h: $(INCLUDE)/k5-int-pkinit.h - $(CP) $(INCLUDE)/k5-int-pkinit.h $@ -+k5-label.h: $(INCLUDE)/k5-label.h -+ $(CP) $(INCLUDE)/k5-label.h $@ - k5-thread.h: $(INCLUDE)/k5-thread.h - $(CP) 
$(INCLUDE)/k5-thread.h $@ - k5-platform.h: $(INCLUDE)/k5-platform.h diff --git a/krb5-1.10.2.tar.bz2 b/krb5-1.10.2.tar.bz2 deleted file mode 100644 index 752e403..0000000 --- a/krb5-1.10.2.tar.bz2 +++ /dev/null @@ -1,3 +0,0 @@ -version https://git-lfs.github.com/spec/v1 -oid sha256:479d66291ae989d5db9daca5838ff4bddde45c77b703fadcf78ca6d1db315bd8 -size 9457236 diff --git a/krb5-1.11.tar.bz2 b/krb5-1.11.tar.bz2 new file mode 100644 index 0000000..4467513 --- /dev/null +++ b/krb5-1.11.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:2276b81a25b329724f31ca65de0636d7aec5fe109cee275c7fc935d16051282b +size 9433922 diff --git a/krb5-1.3.5-perlfix.dif b/krb5-1.3.5-perlfix.dif deleted file mode 100644 index 8920770..0000000 --- a/krb5-1.3.5-perlfix.dif +++ /dev/null @@ -1,9 +0,0 @@ ---- doc/man2html -+++ doc/man2html 2004/10/18 16:20:53 -@@ -1,5 +1,4 @@ --#!/usr/athena/bin/perl --#!/usr/local/bin/perl -+#!/usr/bin/perl - ##---------------------------------------------------------------------------## - ## File: - ## @(#) man2html 1.2 97/08/12 12:57:30 @(#) diff --git a/krb5-1.6.3-ktutil-manpage.dif b/krb5-1.6.3-ktutil-manpage.dif index 5d0d58a..956b816 100644 --- a/krb5-1.6.3-ktutil-manpage.dif +++ b/krb5-1.6.3-ktutil-manpage.dif @@ -1,11 +1,11 @@ -Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M +Index: krb5-1.11/src/man/ktutil.man =================================================================== ---- krb5-1.6.3.orig/src/kadmin/ktutil/ktutil.M -+++ krb5-1.6.3/src/kadmin/ktutil/ktutil.M -@@ -63,5 +63,17 @@ Quits - Aliases: - .BR exit , - .BR q . +--- krb5-1.11.orig/src/man/ktutil.man ++++ krb5-1.11/src/man/ktutil.man +@@ -158,6 +158,18 @@ ktutil: + .fi + .UNINDENT + .UNINDENT +.SH REMARKS +Changes to the keytab are appended to the keytab file (i.e., the keytab file +is never overwritten). To directly modify a keytab, save the changes to a 
@@ -19,4 +19,5 @@ Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M +ktutil> q +# mv /tmp/krb5.newtab /etc/krb5.keytab .SH SEE ALSO - kadmin(8), kdb5_util(8) + .sp + \fIkadmin(1)\fP, \fIkdb5_util(8)\fP diff --git a/krb5-1.8-manpaths.txt b/krb5-1.8-manpaths.txt deleted file mode 100644 index eaf544f..0000000 --- a/krb5-1.8-manpaths.txt +++ /dev/null @@ -1,7 +0,0 @@ -appl/sample/sserver/sserver.M -config-files/kdc.conf.M -config-files/krb5.conf.M -gen-manpages/kerberos.M -kadmin/cli/kadmin.M -slave/kpropd.M -slave/kprop.M diff --git a/krb5-1.8-pam.patch b/krb5-1.8-pam.patch index e21648b..196a6fe 100644 --- a/krb5-1.8-pam.patch +++ b/krb5-1.8-pam.patch @@ -11,11 +11,11 @@ When enabled, ksu gains a dependency on libpam. Originally RT#5939, though it's changed since then to perform the account and session management before dropping privileges. -Index: krb5-1.10.2/src/aclocal.m4 +Index: krb5-1.11/src/aclocal.m4 =================================================================== ---- krb5-1.10.2.orig/src/aclocal.m4 -+++ krb5-1.10.2/src/aclocal.m4 -@@ -1676,3 +1676,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[ +--- krb5-1.11.orig/src/aclocal.m4 ++++ krb5-1.11/src/aclocal.m4 +@@ -1664,3 +1664,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[ ])) ])dnl dnl @@ -86,10 +86,10 @@ Index: krb5-1.10.2/src/aclocal.m4 +AC_SUBST(PAM_MAN) +AC_SUBST(NON_PAM_MAN) +])dnl -Index: krb5-1.10.2/src/clients/ksu/main.c +Index: krb5-1.11/src/clients/ksu/main.c =================================================================== ---- krb5-1.10.2.orig/src/clients/ksu/main.c -+++ krb5-1.10.2/src/clients/ksu/main.c +--- krb5-1.11.orig/src/clients/ksu/main.c ++++ krb5-1.11/src/clients/ksu/main.c @@ -26,6 +26,7 @@ * KSU was writen by: Ari Medvinsky, ari@isi.edu */ 
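Review bot: The REMARKS example this patch adds to ktutil.man stages the rewritten keytab under a fixed name in a world-writable directory and installs it with `# mv /tmp/krb5.newtab /etc/krb5.keytab`. A keytab holds long-term keys, and a predictable name in /tmp can be pre-created or linked by another local user before the file is written. Since the patch is being rebased for 1.11 anyway, the example could stage the file next to its destination, e.g. `# mv /etc/krb5.keytab.new /etc/krb5.keytab`. The earlier ktutil command that writes the file would need the matching path; it lies in the part of the patch this hunk does not show.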
@@ -249,10 +249,10 @@ Index: krb5-1.10.2/src/clients/ksu/main.c exit (1); } } -Index: krb5-1.10.2/src/clients/ksu/Makefile.in +Index: krb5-1.11/src/clients/ksu/Makefile.in =================================================================== ---- krb5-1.10.2.orig/src/clients/ksu/Makefile.in -+++ krb5-1.10.2/src/clients/ksu/Makefile.in +--- krb5-1.11.orig/src/clients/ksu/Makefile.in ++++ krb5-1.11/src/clients/ksu/Makefile.in @@ -7,12 +7,14 @@ PROG_LIBPATH=-L$(TOPLIBD) PROG_RPATH=$(KRB5_LIBDIR) @@ -287,10 +287,10 @@ Index: krb5-1.10.2/src/clients/ksu/Makefile.in clean:: $(RM) ksu -Index: krb5-1.10.2/src/clients/ksu/pam.c +Index: krb5-1.11/src/clients/ksu/pam.c =================================================================== --- /dev/null -+++ krb5-1.10.2/src/clients/ksu/pam.c ++++ krb5-1.11/src/clients/ksu/pam.c @@ -0,0 +1,389 @@ +/* + * src/clients/ksu/pam.c @@ -681,10 +681,10 @@ Index: krb5-1.10.2/src/clients/ksu/pam.c + return ret; +} +#endif -Index: krb5-1.10.2/src/clients/ksu/pam.h +Index: krb5-1.11/src/clients/ksu/pam.h =================================================================== --- /dev/null -+++ krb5-1.10.2/src/clients/ksu/pam.h ++++ krb5-1.11/src/clients/ksu/pam.h @@ -0,0 +1,57 @@ +/* + * src/clients/ksu/pam.h @@ -743,13 +743,13 @@ Index: krb5-1.10.2/src/clients/ksu/pam.h +int appl_pam_cred_init(void); +void appl_pam_cleanup(void); +#endif -Index: krb5-1.10.2/src/configure.in +Index: krb5-1.11/src/configure.in =================================================================== ---- krb5-1.10.2.orig/src/configure.in -+++ krb5-1.10.2/src/configure.in -@@ -1246,6 +1246,8 @@ if test "${localedir+set}" != set; then - fi - AC_SUBST(localedir) +--- krb5-1.11.orig/src/configure.in ++++ krb5-1.11/src/configure.in +@@ -1290,6 +1290,8 @@ AC_DEFINE_UNQUOTED(DEFKTNAME, ["$DEFKTNA + AC_DEFINE_UNQUOTED(DEFCKTNAME, ["$DEFCKTNAME"], + [Define to default client keytab name]) +KRB5_WITH_PAM + 
diff --git a/krb5-1.9-kprop-mktemp.patch b/krb5-1.9-kprop-mktemp.patch index dca8f8b..70996ce 100644 --- a/krb5-1.9-kprop-mktemp.patch +++ b/krb5-1.9-kprop-mktemp.patch @@ -1,10 +1,10 @@ Use an in-memory ccache to silence a compiler warning, for RT#6414. -Index: krb5-1.10.2/src/slave/kprop.c +Index: krb5-1.11/src/slave/kprop.c =================================================================== ---- krb5-1.10.2.orig/src/slave/kprop.c -+++ krb5-1.10.2/src/slave/kprop.c -@@ -186,9 +186,8 @@ void PRS(argc, argv) +--- krb5-1.11.orig/src/slave/kprop.c ++++ krb5-1.11/src/slave/kprop.c +@@ -187,9 +187,8 @@ void PRS(argc, argv) void get_tickets(context) krb5_context context; { @@ -15,7 +15,7 @@ Index: krb5-1.10.2/src/slave/kprop.c krb5_keytab keytab = NULL; /* -@@ -229,11 +228,8 @@ void get_tickets(context) +@@ -230,11 +229,8 @@ void get_tickets(context) #endif /* diff --git a/krb5-1.9-manpaths.dif b/krb5-1.9-manpaths.dif index 645672d..9d4b2f5 100644 --- a/krb5-1.9-manpaths.dif +++ b/krb5-1.9-manpaths.dif 
@@ -3,206 +3,16 @@ values can be dropped in by config.status. After applying this patch, these files should be renamed to their ".in" counterparts, and then the configure scripts should be rebuilt. Originally RT#6525 -Index: krb5-1.10.2/src/aclocal.m4 +Index: krb5-1.11/src/man/kpropd.man =================================================================== ---- krb5-1.10.2.orig/src/aclocal.m4 -+++ krb5-1.10.2/src/aclocal.m4 -@@ -1743,3 +1743,24 @@ AC_SUBST(PAM_LIBS) - AC_SUBST(PAM_MAN) - AC_SUBST(NON_PAM_MAN) - ])dnl -+AC_DEFUN(V5_AC_OUTPUT_MANPAGE,[ -+mansysconfdir=$sysconfdir -+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$prefix,g"` -+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$ac_default_prefix,g"` -+mansbindir=$sbindir -+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$exec_prefix,g"` -+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$prefix,g"` -+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$ac_default_prefix,g"` -+manlocalstatedir=$localstatedir -+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$prefix,g"` -+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$ac_default_prefix,g"` -+manlibexecdir=$libexecdir -+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$exec_prefix,g"` -+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$prefix,g"` -+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$ac_default_prefix,g"` -+AC_SUBST(mansysconfdir) -+AC_SUBST(mansbindir) -+AC_SUBST(manlocalstatedir) -+AC_SUBST(manlibexecdir) -+AC_CONFIG_FILES($1) -+]) -Index: krb5-1.10.2/src/configure.in -=================================================================== ---- krb5-1.10.2.orig/src/configure.in -+++ krb5-1.10.2/src/configure.in -@@ -1249,6 +1249,17 @@ AC_SUBST(localedir) - KRB5_WITH_PAM - - AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) -+ -+V5_AC_OUTPUT_MANPAGE([ -+ appl/sample/sserver/sserver.M -+ config-files/kdc.conf.M -+ config-files/krb5.conf.M -+ gen-manpages/kerberos.M -+ 
kadmin/cli/kadmin.M -+ slave/kpropd.M -+ slave/kprop.M -+]) -+ - V5_AC_OUTPUT_MAKEFILE(. - - util util/support util/profile util/profile/testmod util/send-pr -Index: krb5-1.10.2/src/appl/sample/sserver/sserver.M -=================================================================== ---- krb5-1.10.2.orig/src/appl/sample/sserver/sserver.M -+++ krb5-1.10.2/src/appl/sample/sserver/sserver.M -@@ -59,7 +59,7 @@ option allows for a different keytab tha - using a line in - /etc/inetd.conf that looks like this: - .PP --sample stream tcp nowait root /usr/local/sbin/sserver sserver -+sample stream tcp nowait root @mansbindir@/sserver sserver - .PP - Since \fBsample\fP is normally not a port defined in /etc/services, you will - usually have to add a line to /etc/services which looks like this: -Index: krb5-1.10.2/src/config-files/kdc.conf.M -=================================================================== ---- krb5-1.10.2.orig/src/config-files/kdc.conf.M -+++ krb5-1.10.2/src/config-files/kdc.conf.M -@@ -92,14 +92,14 @@ This - .B string - specifies the location of the access control list (acl) file that - kadmin uses to determine which principals are allowed which permissions --on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl. -+on the database. The default value is @manlocalstatedir@/krb5kdc/kadm5.acl. - - .IP admin_keytab - This - .B string - Specifies the location of the keytab file that kadmin uses to - authenticate to the database. The default value is --/usr/local/var/krb5kdc/kadm5.keytab. -+@manlocalstatedir@/krb5kdc/kadm5.keytab. 
- - .IP database_name - This -@@ -274,7 +274,7 @@ tickets should be checked against the tr - realm names and the [capaths] section of its krb5.conf file - - .SH FILES --/usr/local/var/krb5kdc/kdc.conf -+@manlocalstatedir@/krb5kdc/kdc.conf - - .SH SEE ALSO - krb5.conf(5), krb5kdc(8) -Index: krb5-1.10.2/src/config-files/krb5.conf.M -=================================================================== ---- krb5-1.10.2.orig/src/config-files/krb5.conf.M -+++ krb5-1.10.2/src/config-files/krb5.conf.M -@@ -808,6 +808,6 @@ This module implements the encrypted cha - This module implements the encrypted timestamp mechanism. - - .SH FILES --/etc/krb5.conf -+@mansysconfdir@/krb5.conf - .SH SEE ALSO - syslog(3) -Index: krb5-1.10.2/src/gen-manpages/kerberos.M -=================================================================== ---- krb5-1.10.2.orig/src/gen-manpages/kerberos.M -+++ krb5-1.10.2/src/gen-manpages/kerberos.M -@@ -125,7 +125,7 @@ default is /etc/krb5.conf. - Specifies the location of the KDC configuration file, which contains - additional configuration directives for the Key Distribution Center - daemon and associated programs. The default is --/usr/local/var/krb5kdc/kdc.conf. -+@manlocalstatedir@/krb5kdc/kdc.conf. - .TP - .B KRB5RCACHETYPE - Specifies the default type of replay cache to use for servers. Valid -Index: krb5-1.10.2/src/kadmin/cli/kadmin.M -=================================================================== ---- krb5-1.10.2.orig/src/kadmin/cli/kadmin.M -+++ krb5-1.10.2/src/kadmin/cli/kadmin.M -@@ -924,9 +924,9 @@ option is specified, less verbose status - .RS - .TP - EXAMPLE: --kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin -+kadmin: ktremove -k @manlocalstatedir@/krb5kdc/kadmind.keytab kadmin/admin - Entry for principal kadmin/admin with kvno 3 removed -- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab. -+ from keytab WRFILE:@manlocalstatedir@/krb5kdc/kadmind.keytab. 
- kadmin: - .RE +--- krb5-1.11.orig/src/man/kpropd.man ++++ krb5-1.11/src/man/kpropd.man +@@ -63,7 +63,7 @@ the \fB/etc/inetd.conf\fP file which loo + .sp + .nf + .ft C +-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd ++kprop stream tcp nowait root @SBINDIR@/kpropd kpropd + .ft P .fi -Index: krb5-1.10.2/src/slave/kpropd.M -=================================================================== ---- krb5-1.10.2.orig/src/slave/kpropd.M -+++ krb5-1.10.2/src/slave/kpropd.M -@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of - This is done by adding a line to the inetd.conf file which looks like - this: - --kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd -+kprop stream tcp nowait root @mansbindir@/kpropd kpropd - - However, kpropd can also run as a standalone daemon, if the - .B \-S -@@ -111,13 +111,13 @@ is used. - \fB\-f\fP \fIfile\fP - specifies the filename where the dumped principal database file is to be - stored; by default the dumped database file is KPROPD_DEFAULT_FILE --(normally /usr/local/var/krb5kdc/from_master). -+(normally @manlocalstatedir@/krb5kdc/from_master). - .TP - .B \-p - allows the user to specify the pathname to the - .IR kdb5_util (8) - program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL --(normally /usr/local/sbin/kdb5_util). -+(normally @mansbindir@/kdb5_util). - .TP - .B \-S - turn on standalone mode. Normally, kpropd is invoked out of -@@ -148,14 +148,14 @@ mode. - allows the user to specify the path to the - kpropd.acl - file; by default the path used is KPROPD_ACL_FILE --(normally /usr/local/var/krb5kdc/kpropd.acl). -+(normally @manlocalstatedir@/krb5kdc/kpropd.acl). - .SH FILES - .TP "\w'kpropd.acl\ \ 'u" - kpropd.acl - Access file for - .BR kpropd ; - the default location is KPROPD_ACL_FILE (normally --/usr/local/var/krb5kdc/kpropd.acl). -+@manlocalstatedir@/krb5kdc/kpropd.acl). 
- Each entry is a line containing the principal of a host from which the - local machine will allow Kerberos database propagation via kprop. - .SH SEE ALSO -Index: krb5-1.10.2/src/slave/kprop.M -=================================================================== ---- krb5-1.10.2.orig/src/slave/kprop.M -+++ krb5-1.10.2/src/slave/kprop.M -@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv - This is done by transmitting the dumped database file to the slave - server over an encrypted, secure channel. The dump file must be created - by kdb5_util, and is normally KPROP_DEFAULT_FILE --(/usr/local/var/krb5kdc/slave_datatrans). -+(@manlocalstatedir@/krb5kdc/slave_datatrans). - .SH OPTIONS - .TP - \fB\-r\fP \fIrealm\fP -@@ -51,7 +51,7 @@ is used. - \fB\-f\fP \fIfile\fP - specifies the filename where the dumped principal database file is to be - found; by default the dumped database file is KPROP_DEFAULT_FILE --(normally /usr/local/var/krb5kdc/slave_datatrans). -+(normally @manlocalstatedir@/krb5kdc/slave_datatrans). - .TP - \fB\-P\fP \fIport\fP - specifies the port to use to contact the + .UNINDENT diff --git a/krb5-doc-rpmlintrc b/krb5-doc-rpmlintrc deleted file mode 100644 index de258e7..0000000 --- a/krb5-doc-rpmlintrc +++ /dev/null @@ -1,2 +0,0 @@ -addFilter("files-duplicate .*css") -addFilter("files-duplicate .*img.*png") diff --git a/krb5-doc.changes b/krb5-doc.changes deleted file mode 100644 index 211fa6c..0000000 --- a/krb5-doc.changes +++ /dev/null 
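Review bot: The header of krb5-1.9-manpaths.dif still says the patched files "should be renamed to their ".in" counterparts, and then the configure scripts should be rebuilt", but this commit deletes krb5-1.8-manpaths.txt and the rename loop in %prep. The patch now touches only src/man/kpropd.man, so the description should say what the remaining hunk does, for example `Use the @SBINDIR@ placeholder in the kpropd.man inetd.conf example instead of /usr/local/sbin.` Whether the 1.11 man page build substitutes `@SBINDIR@` is not visible here and is worth confirming, otherwise the literal placeholder ends up in the installed page.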
@@ -1,196 +0,0 @@ -------------------------------------------------------------------- -Mon Sep 3 14:34:35 UTC 2012 - idonmez@suse.com - -- Build depend on texinfo & texlive-dvips to fix the build - -------------------------------------------------------------------- -Wed Jun 6 17:34:26 CEST 2012 - mc@suse.de - -- update to version 1.10.2 - -------------------------------------------------------------------- -Mon Aug 22 10:21:56 CEST 2011 - mc@suse.de - -- update to version 1.9.1 - -------------------------------------------------------------------- -Fri Apr 9 12:45:30 CEST 2010 - mc@suse.de - -- update to version 1.8.1 - -------------------------------------------------------------------- -Tue Mar 23 12:38:29 CET 2010 - mc@suse.de - -- add post 1.8 fixes - * Document the ticket_lifetime libdefaults setting - -------------------------------------------------------------------- -Thu Mar 4 11:45:22 CET 2010 - mc@suse.de - -- update to version 1.8 - -------------------------------------------------------------------- -Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de - -- update to final version 1.7 - -------------------------------------------------------------------- -Wed May 13 11:34:07 CEST 2009 - mc@suse.de - -- update to version 1.7 Beta2 - -------------------------------------------------------------------- -Mon Feb 16 13:08:05 CET 2009 - mc@suse.de - -- update to pre 1.7 version - * remove outdated documentation for kadm5 API - -------------------------------------------------------------------- -Fri Jul 25 12:17:10 CEST 2008 - mc@suse.de - -- add patches from SVN post 1.6.3 - * some fixes in the man pages - -------------------------------------------------------------------- -Wed Jun 18 15:34:16 CEST 2008 - mc@suse.de - -- reduce rpmlint warnings - -------------------------------------------------------------------- -Tue Oct 23 10:29:23 CEST 2007 - mc@suse.de - -- update to krb5 version 1.6.3 - * fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow - * fix 
CVE-2007-4000 modify_policy vulnerability - * Add PKINIT support -- remove patches which are upstream now -- enhance init scripts and xinetd profiles - -------------------------------------------------------------------- -Thu Jul 12 17:02:30 CEST 2007 - mc@suse.de - -- update to version 1.6.2 -- remove krb5-1.6.1-post.dif all fixes are included in this release - -------------------------------------------------------------------- -Wed Jun 13 15:29:42 CEST 2007 - sschober@suse.de - -- removed executable permission from doc file - -------------------------------------------------------------------- -Mon Apr 23 11:15:59 CEST 2007 - mc@suse.de - -- update to final 1.6.1 version -- replace te_ams with texlive in BuildRequires - -------------------------------------------------------------------- -Wed Apr 18 14:47:49 CEST 2007 - mc@suse.de - -- build implementor.ps - -------------------------------------------------------------------- -Mon Apr 16 14:39:40 CEST 2007 - mc@suse.de - -- update to version 1.6.1 Beta1 -- remove obsolete patches - (krb5-1.6-post.dif, krb5-1.6-patchlevel.dif) - -------------------------------------------------------------------- -Mon Feb 19 14:00:49 CET 2007 - mc@suse.de - -- add krb5-1.6-post.dif - -------------------------------------------------------------------- -Mon Jan 22 12:21:20 CET 2007 - mc@suse.de - -- update to version 1.6 - * Major changes in 1.6 include - * Partial client implementation to handle server name referrals. - * Pre-authentication plug-in framework, donated by Red Hat. - * LDAP KDB plug-in, donated by Novell. 
- -------------------------------------------------------------------- -Thu Aug 24 12:53:25 CEST 2006 - mc@suse.de - -- update to version 1.5.1 -- remove obsolete patches which are now included upstream - * krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif - * trunk-fix-uninitialized-vars.dif - -------------------------------------------------------------------- -Mon Jul 3 15:01:57 CEST 2006 - mc@suse.de - -- update to version 1.5 - * KDB abstraction layer, donated by Novell. - * plug-in architecture, allowing for extension modules to be - loaded at run-time. - * multi-mechanism GSS-API implementation ("mechglue"), - donated by Sun Microsystems - * Simple and Protected GSS-API negotiation mechanism ("SPNEGO") - implementation, donated by Sun Microsystems -- remove obsolete patches and add some new - -------------------------------------------------------------------- -Mon Mar 13 18:01:06 CET 2006 - mc@suse.de - -- set BuildArchitectures to noarch -- set norootforbuild - -------------------------------------------------------------------- -Wed Jan 25 21:30:24 CET 2006 - mls@suse.de - -- converted neededforbuild to BuildRequires - -------------------------------------------------------------------- -Fri Nov 18 12:15:07 CET 2005 - mc@suse.de - -- update to version 1.4.3 -- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif) - -------------------------------------------------------------------- -Wed Oct 12 16:19:08 CEST 2005 - mc@suse.de - -- build kadm5 documentation -- build documentation also as html -- include the text only documentation - -------------------------------------------------------------------- -Tue Oct 11 17:40:26 CEST 2005 - mc@suse.de - -- update to version 1.4.2 -- remove some obsolet patches - -------------------------------------------------------------------- -Mon Jun 27 13:36:04 CEST 2005 - mc@suse.de - -- update to version 1.4.1 -- remove obsolet patches - - krb5-1.4-VUL-0-telnet.dif - 
-------------------------------------------------------------------- -Thu Feb 10 02:38:39 CET 2005 - ro@suse.de - -- added libpng to neededforbuild (for tetex) - -------------------------------------------------------------------- -Fri Feb 4 16:50:34 CET 2005 - mc@suse.de - -- remove spx.c from tarball because of legal risk -- add README.Source which tell the user about this - action. - -------------------------------------------------------------------- -Fri Jan 28 13:28:18 CET 2005 - mc@suse.de - -- update to version 1.4 - -------------------------------------------------------------------- -Mon Jan 10 12:20:11 CET 2005 - mc@suse.de - -- update to version 1.3.6 - -------------------------------------------------------------------- -Tue Dec 14 15:21:02 CET 2004 - mc@suse.de - -- initial release - diff --git a/krb5-doc.spec b/krb5-doc.spec deleted file mode 100644 index 33f5260..0000000 --- a/krb5-doc.spec +++ /dev/null 
@@ -1,91 +0,0 @@ -# -# spec file for package krb5-doc -# -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. -# -# All modifications and additions to the file contributed by third parties -# remain the property of their copyright owners, unless otherwise agreed -# upon. The license for this file, and modifications and additions to the -# file, is the same license as for the pristine package itself (unless the -# license for the pristine package is not an Open Source License, in which -# case the license is the MIT License). An "Open Source License" is a -# license that conforms to the Open Source Definition (Version 1.9) -# published by the Open Source Initiative. - -# Please submit bugfixes or comments via http://bugs.opensuse.org/ -# - - -Name: krb5-doc -BuildRequires: ghostscript-library -BuildRequires: texinfo -BuildRequires: texlive-dvips -Version: 1.10.2 -Release: 0 -%define srcRoot krb5-1.10.2 -Summary: MIT Kerberos5 Implementation--Documentation -License: MIT -Group: Documentation/Other -Url: http://web.mit.edu/kerberos/www/ -Source: krb5-%{version}.tar.bz2 -Source3: %{name}-rpmlintrc -Patch0: krb5-1.3.5-perlfix.dif -BuildRoot: %{_tmppath}/%{name}-%{version}-build -BuildArch: noarch - -%description -Kerberos V5 is a trusted-third-party network authentication -system,which can improve your network's security by eliminating the -insecurepractice of clear text passwords. This package includes -extended documentation for MIT Kerberos. - - - -Authors: --------- - The MIT Kerberos Team - Sam Hartman - Ken Raeburn - Tom Yu - -%prep -%setup -n %{srcRoot} -%patch0 - -%build -sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex -sed -i -e '1c\ -\\documentclass{article}\ -\\usepackage{fixunder}\ -\\usepackage{functions}\ -\\usepackage{fancyheadings}\ -\\usepackage{hyperref}' doc/implement/implement.tex - -%install -cd doc -mkdir -p html -make -make implementor.ps -make -C api -make -C implement -mv *.html html/ -cd .. 
-find . -type f -name '*.ps' -exec gzip -9 {} \; -chmod 644 doc/man2ps -chmod 644 doc/krb5-protocol/draft-jaganathan-rc4-hmac-03.txt -# cleanup -rm -f %{buildroot}/usr/share/man/man1/tmac.doc* -rm -f /usr/share/man/man1/tmac.doc* -rm -rf /usr/lib/mit/share -rm -rf %{buildroot}/usr/lib/mit/share - -%clean -rm -rf %{buildroot} - -%files -%defattr(-,root,root) -%doc doc/*.ps.gz doc/api/*.ps.gz doc/implement/*.ps.gz -%doc doc/krb5-protocol doc/kadmin -%doc doc/html - -%changelog diff --git a/krb5-mini.changes b/krb5-mini.changes index 7d147d2..0620578 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,19 @@ +------------------------------------------------------------------- +Sun Jan 13 15:01:50 UTC 2013 - mc@suse.com + +- update to version 1.11 + * Improve ASN.1 support code, making it table-driven for + decoding as well as encoding + * Refactor parts of KDC + * Documentation consolidation + * build docs in the main package + * bugfixing + +------------------------------------------------------------------- +Tue Oct 16 19:35:47 UTC 2012 - coolo@suse.com + +- revert the -p usage in %postun to fix SLE build + ------------------------------------------------------------------- Tue Oct 16 12:05:00 UTC 2012 - coolo@suse.com diff --git a/krb5-mini.spec b/krb5-mini.spec index 55d27a7..7d4bdcf 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -1,7 +1,7 @@ # # spec file for package krb5-mini # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define build_mini 1 -%define srcRoot krb5-1.10.2 +%define srcRoot krb5-1.11 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 
@@ -25,12 +25,13 @@ Name: krb5-mini Url: http://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison +BuildRequires: doxygen BuildRequires: keyutils BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.10.2 +Version: 1.11 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT @@ -39,6 +40,10 @@ Group: Productivity/Networking/Security BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +BuildRequires: python-Cheetah +BuildRequires: python-Sphinx +BuildRequires: python-libxml2 +BuildRequires: python-lxml %if 0%{?suse_version} >= 1210 BuildRequires: pkgconfig(systemd) %endif @@ -52,19 +57,16 @@ Source: krb5-%{version}.tar.bz2 Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc -Source10: krb5-1.8-manpaths.txt -Patch1: krb5-1.10-buildconf.patch -Patch3: krb5-1.9-manpaths.dif -Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch6: krb5-1.10-kpasswd_tcp.patch -Patch7: krb5-1.6.3-ktutil-manpage.dif -Patch10: krb5-1.7-doublelog.patch -Patch12: krb5-1.8-api.patch -Patch13: krb5-1.8-pam.patch -Patch18: krb5-1.9-kprop-mktemp.patch -Patch19: krb5-1.9-ksu-path.patch -Patch20: krb5-1.10-gcc47.patch -Patch21: krb5-1.10-selinux-label.patch +Patch1: krb5-1.8-pam.patch +Patch2: krb5-1.9-manpaths.dif +Patch3: krb5-1.10-buildconf.patch +Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch5: krb5-1.10-kpasswd_tcp.patch +Patch6: krb5-1.6.3-ktutil-manpage.dif +Patch7: krb5-1.7-doublelog.patch +Patch8: krb5-1.8-api.patch +Patch9: krb5-1.9-kprop-mktemp.patch +Patch10: krb5-1.9-ksu-path.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq 
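Review bot: Dropping `Patch21: krb5-1.10-selinux-label.patch` here, together with `--with-selinux` in the configure hunk further down, goes unmentioned in the new .changes entries. The deleted patch set the SELinux file-creation context around files the KDC and libraries create (the db2 lock file, replay cache, pid file and update log). On an SELinux-enforcing system those files would presumably get the default inherited label after this update. The removal should be a recorded decision: either rebase the patch onto 1.11 or add a line such as `- drop krb5-1.10-selinux-label.patch and --with-selinux` to krb5.changes and krb5-mini.changes. `BuildRequires: libselinux-devel` stays in the spec and looks unused once the patch is gone; krb5.spec presumably needs the same treatment.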
@@ -121,6 +123,16 @@ Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes a PKINIT plugin. +%package doc +Summary: MIT Kerberos5 Implementation--Documentation +Group: Documentation/Other + +%description doc +Kerberos V5 is a trusted-third-party network authentication +system,which can improve your network's security by eliminating the +insecurepractice of clear text passwords. This package includes +extended documentation for MIT Kerberos. + %endif #! build_mini %package devel @@ -147,24 +159,16 @@ Include Files for Development %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -%patch13 -p1 -%patch3 -p1 -%patch21 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 %patch10 -p1 -%patch12 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -# Rename the man pages so that they'll get generated correctly. -pushd src -cat %{SOURCE10} | while read manpage ; do - mv "$manpage" "$manpage".in -done -popd %build # needs to be re-generated @@ -190,7 +194,6 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI --with-ldap \ --with-pam \ --enable-pkinit \ - --with-selinux \ %else --disable-pkinit \ --without-pam \ @@ -198,6 +201,10 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI --with-system-et \ --with-system-ss make %{?jobs:-j%jobs} +cd doc +make %{?jobs:-j%jobs} substhtml +cp -a html_subst ../../html +cd .. %install cd src 
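Review bot: The `%description doc` text added here has two run-together words, `system,which` and `insecurepractice`, which will show up in the package metadata. The PKINIT description just above spells the same sentence correctly, so the new lines can read `system, which can improve your network's security by eliminating the` and `insecure practice of clear text passwords. This package includes`.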
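Review bot: The documentation build added after `make %{?jobs:-j%jobs}` appears to sit outside the `%if ! %{build_mini}` conditional, while `%package doc` and `%files doc` are inside it. If so, krb5-mini runs `make substhtml` and needs the new doxygen, Sphinx, Cheetah and lxml build dependencies without packaging the result. Consider wrapping the four added lines in `%if ! %{build_mini}` and `%endif`, and guarding the new BuildRequires the same way if they are not already conditional. The `%endif` that closes the configure conditional lies between the hunks, so the exact nesting should be checked in the full spec.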
@@ -273,8 +280,9 @@ install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* -rm -rf /usr/lib/mit/share -rm -rf %{buildroot}/usr/lib/mit/share +#rm -rf /usr/lib/mit/share +rm -rf %{buildroot}/usr/lib/mit/share/examples +rm -rf %{buildroot}/usr/lib/mit/share/locale ##################################################### # krb5(-mini) pre/post/postun @@ -282,7 +290,8 @@ rm -rf %{buildroot}/usr/lib/mit/share %post -p /sbin/ldconfig -%postun -p /sbin/ldconfig +%postun +/sbin/ldconfig %if ! %{build_mini} @@ -324,7 +333,8 @@ rm -rf %{buildroot}/usr/lib/mit/share %post plugin-kdb-ldap -p /sbin/ldconfig -%postun plugin-kdb-ldap -p /sbin/ldconfig +%postun plugin-kdb-ldap +/sbin/ldconfig %endif @@ -337,6 +347,7 @@ rm -rf %{buildroot}/usr/lib/mit/share %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin +%dir /usr/lib/mit/share %dir %{_datadir}/aclocal %{_libdir}/libgssrpc.so %{_libdir}/libk5crypto.so @@ -348,12 +359,11 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so %{_libdir}/libverto.so -%{_libdir}/libverto-k5ev.so %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr +/usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* -%{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 %if %{build_mini} @@ -373,6 +383,7 @@ rm -rf %{buildroot}/usr/lib/mit/share %dir /usr/lib/mit %dir /usr/lib/mit/sbin %dir /usr/lib/mit/bin +%dir /usr/lib/mit/share %doc %{krb5docdir}/README %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf %attr(0644,root,root) %config /etc/profile.d/krb5* @@ -392,7 +403,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %{_libdir}/krb5/plugins/kdb/* #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local 
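Review bot: The cleanup block in %install still runs `rm -f /usr/share/man/man1/tmac.doc*` against the build host's real filesystem rather than `%{buildroot}`, and this hunk comments out the sibling `rm -rf /usr/lib/mit/share` instead of deleting it. A package build script should only touch paths under the build root, and the line before it already removes the buildroot copy. Delete both host-path lines so the block is just `rm -f %{buildroot}/usr/share/man/man1/tmac.doc*`, `rm -rf %{buildroot}/usr/lib/mit/share/examples` and `rm -rf %{buildroot}/usr/lib/mit/share/locale`.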
@@ -420,6 +430,7 @@ rm -rf %{buildroot}/usr/lib/mit/share /usr/lib/mit/bin/sclient /usr/lib/mit/bin/gss-client /usr/lib/mit/bin/sim_client +/usr/lib/mit/share/gnats /usr/bin/kinit /usr/bin/klist /usr/sbin/rc* @@ -429,7 +440,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/ksu.1* %{_mandir}/man1/sclient.1* %{_mandir}/man1/kadmin.1* @@ -465,7 +475,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %files server %defattr(-,root,root) @@ -505,6 +514,7 @@ rm -rf %{buildroot}/usr/lib/mit/share /usr/lib/mit/sbin/uuserver %{_libdir}/krb5/plugins/kdb/db2.so %{_mandir}/man5/kdc.conf.5* +%{_mandir}/man5/kadm5.acl.5* %{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmin.local.8* %{_mandir}/man8/kpropd.8* @@ -540,7 +550,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/kadmin.1* %{_mandir}/man1/ktutil.1* %{_mandir}/man1/k5srvutil.1* @@ -573,6 +582,11 @@ rm -rf %{buildroot}/usr/lib/mit/share %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/preauth %{_libdir}/krb5/plugins/preauth/pkinit.so + +%files doc +%defattr(-,root,root) +%doc html doc/CHANGES doc/README + %endif #build_mini %changelog diff --git a/krb5.changes b/krb5.changes index c9a1734..0620578 100644 --- a/krb5.changes +++ b/krb5.changes 
@@ -1,3 +1,14 @@ +------------------------------------------------------------------- +Sun Jan 13 15:01:50 UTC 2013 - mc@suse.com + +- update to version 1.11 + * Improve ASN.1 support code, making it table-driven for + decoding as well as encoding + * Refactor parts of KDC + * Documentation consolidation + * build docs in the main package + * bugfixing + ------------------------------------------------------------------- Tue Oct 16 19:35:47 UTC 2012 - coolo@suse.com diff --git a/krb5.spec b/krb5.spec index c74625d..02f34cc 100644 --- a/krb5.spec +++ b/krb5.spec @@ -1,7 +1,7 @@ # # spec file for package krb5 # -# Copyright (c) 2012 SUSE LINUX Products GmbH, Nuernberg, Germany. +# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany. # # All modifications and additions to the file contributed by third parties # remain the property of their copyright owners, unless otherwise agreed @@ -17,7 +17,7 @@ %define build_mini 0 -%define srcRoot krb5-1.10.2 +%define srcRoot krb5-1.11 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -25,12 +25,13 @@ Name: krb5 Url: http://web.mit.edu/kerberos/www/ BuildRequires: autoconf BuildRequires: bison +BuildRequires: doxygen BuildRequires: keyutils BuildRequires: keyutils-devel BuildRequires: libcom_err-devel BuildRequires: libselinux-devel BuildRequires: ncurses-devel -Version: 1.10.2 +Version: 1.11 Release: 0 Summary: MIT Kerberos5 Implementation--Libraries License: MIT @@ -39,6 +40,10 @@ Group: Productivity/Networking/Security BuildRequires: libopenssl-devel BuildRequires: openldap2-devel BuildRequires: pam-devel +BuildRequires: python-Cheetah +BuildRequires: python-Sphinx +BuildRequires: python-libxml2 +BuildRequires: python-lxml %if 0%{?suse_version} >= 1210 BuildRequires: pkgconfig(systemd) %endif 
@@ -52,19 +57,16 @@ Source: krb5-%{version}.tar.bz2 Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-rpmlintrc -Source10: krb5-1.8-manpaths.txt -Patch1: krb5-1.10-buildconf.patch -Patch3: krb5-1.9-manpaths.dif -Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch6: krb5-1.10-kpasswd_tcp.patch -Patch7: krb5-1.6.3-ktutil-manpage.dif -Patch10: krb5-1.7-doublelog.patch -Patch12: krb5-1.8-api.patch -Patch13: krb5-1.8-pam.patch -Patch18: krb5-1.9-kprop-mktemp.patch -Patch19: krb5-1.9-ksu-path.patch -Patch20: krb5-1.10-gcc47.patch -Patch21: krb5-1.10-selinux-label.patch +Patch1: krb5-1.8-pam.patch +Patch2: krb5-1.9-manpaths.dif +Patch3: krb5-1.10-buildconf.patch +Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch5: krb5-1.10-kpasswd_tcp.patch +Patch6: krb5-1.6.3-ktutil-manpage.dif +Patch7: krb5-1.7-doublelog.patch +Patch8: krb5-1.8-api.patch +Patch9: krb5-1.9-kprop-mktemp.patch +Patch10: krb5-1.9-ksu-path.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -121,6 +123,16 @@ Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of cleartext passwords. This package includes a PKINIT plugin. +%package doc +Summary: MIT Kerberos5 Implementation--Documentation +Group: Documentation/Other + +%description doc +Kerberos V5 is a trusted-third-party network authentication +system,which can improve your network's security by eliminating the +insecurepractice of clear text passwords. This package includes +extended documentation for MIT Kerberos. + %endif #! build_mini %package devel 
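Review bot: `Source: krb5-%{version}.tar.bz2` now resolves to a new 1.11 tarball, but the Source entries in this hunk include no detached signature, keyring or checksum for it, so the package alone cannot tie the tarball to the upstream release. Adding the upstream signature and signing key as further `Source` entries, or at least recording the upstream checksum in the changelog, would make the version bump verifiable. If the tarball was recompressed from the upstream archive, that is worth stating too, because the upstream signature would then not match it.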
@@ -147,24 +159,16 @@ Include Files for Development %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -%patch13 -p1 -%patch3 -p1 -%patch21 -p1 %patch1 -p1 +%patch2 -p1 +%patch3 -p1 +%patch4 -p1 %patch5 -p1 %patch6 -p1 %patch7 -p1 +%patch8 -p1 +%patch9 -p1 %patch10 -p1 -%patch12 -p1 -%patch18 -p1 -%patch19 -p1 -%patch20 -# Rename the man pages so that they'll get generated correctly. -pushd src -cat %{SOURCE10} | while read manpage ; do - mv "$manpage" "$manpage".in -done -popd %build # needs to be re-generated @@ -190,7 +194,6 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI --with-ldap \ --with-pam \ --enable-pkinit \ - --with-selinux \ %else --disable-pkinit \ --without-pam \ @@ -198,6 +201,10 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI --with-system-et \ --with-system-ss make %{?jobs:-j%jobs} +cd doc +make %{?jobs:-j%jobs} substhtml +cp -a html_subst ../../html +cd .. %install cd src @@ -273,8 +280,9 @@ install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* -rm -rf /usr/lib/mit/share -rm -rf %{buildroot}/usr/lib/mit/share +#rm -rf /usr/lib/mit/share +rm -rf %{buildroot}/usr/lib/mit/share/examples +rm -rf %{buildroot}/usr/lib/mit/share/locale ##################################################### # krb5(-mini) pre/post/postun @@ -339,6 +347,7 @@ rm -rf %{buildroot}/usr/lib/mit/share %dir /usr/lib/mit %dir /usr/lib/mit/bin %dir /usr/lib/mit/sbin +%dir /usr/lib/mit/share %dir %{_datadir}/aclocal %{_libdir}/libgssrpc.so %{_libdir}/libk5crypto.so 
@@ -350,12 +359,11 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_libdir}/libkrb5.so %{_libdir}/libkrb5support.so %{_libdir}/libverto.so -%{_libdir}/libverto-k5ev.so %{_includedir}/* /usr/lib/mit/bin/krb5-config /usr/lib/mit/sbin/krb5-send-pr +/usr/lib/mit/share/gnats %{_mandir}/man1/krb5-send-pr.1* -%{_mandir}/man1/krb5-config.1* %{_datadir}/aclocal/ac_check_krb5.m4 %if %{build_mini} @@ -375,6 +383,7 @@ rm -rf %{buildroot}/usr/lib/mit/share %dir /usr/lib/mit %dir /usr/lib/mit/sbin %dir /usr/lib/mit/bin +%dir /usr/lib/mit/share %doc %{krb5docdir}/README %attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf %attr(0644,root,root) %config /etc/profile.d/krb5* @@ -394,7 +403,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %{_libdir}/krb5/plugins/kdb/* #/usr/lib/mit/sbin/* /usr/lib/mit/sbin/kadmin.local @@ -422,6 +430,7 @@ rm -rf %{buildroot}/usr/lib/mit/share /usr/lib/mit/bin/sclient /usr/lib/mit/bin/gss-client /usr/lib/mit/bin/sim_client +/usr/lib/mit/share/gnats /usr/bin/kinit /usr/bin/klist /usr/sbin/rc* @@ -431,7 +440,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/ksu.1* %{_mandir}/man1/sclient.1* %{_mandir}/man1/kadmin.1* @@ -467,7 +475,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %{_libdir}/libverto.so.* -%{_libdir}/libverto-k5ev.so.* %files server %defattr(-,root,root) @@ -507,6 +514,7 @@ rm -rf %{buildroot}/usr/lib/mit/share /usr/lib/mit/sbin/uuserver %{_libdir}/krb5/plugins/kdb/db2.so %{_mandir}/man5/kdc.conf.5* +%{_mandir}/man5/kadm5.acl.5* %{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmin.local.8* %{_mandir}/man8/kpropd.8* 
@@ -542,7 +550,6 @@ rm -rf %{buildroot}/usr/lib/mit/share %{_mandir}/man1/kdestroy.1* %{_mandir}/man1/kpasswd.1* %{_mandir}/man1/klist.1* -%{_mandir}/man1/kerberos.1* %{_mandir}/man1/kadmin.1* %{_mandir}/man1/ktutil.1* %{_mandir}/man1/k5srvutil.1* @@ -575,6 +582,11 @@ rm -rf %{buildroot}/usr/lib/mit/share %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/preauth %{_libdir}/krb5/plugins/preauth/pkinit.so + +%files doc +%defattr(-,root,root) +%doc html doc/CHANGES doc/README + %endif #build_mini %changelog