# # spec file for package krb5-plugins (Version 1.6) # # Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany. # This file and all modifications and additions to the pristine # package are under the same license as the package itself. # # Please submit bugfixes or comments via http://bugs.opensuse.org/ # # norootforbuild # nodebuginfo Name: krb5-plugins Version: 1.6 Release: 12 BuildRequires: bison krb5-devel ncurses-devel openldap2-devel %define srcRoot krb5-1.6 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 Requires: krb5-server Summary: MIT Kerberos5 Implementation--Libraries License: X11/MIT URL: http://web.mit.edu/kerberos/www/ Group: Productivity/Networking/Security Source: krb5-1.6.tar.bz2 Source1: vendor-files.tar.bz2 Source2: README.Source Source3: spx.c Source4: EncryptWithMasterKey.c Patch1: krb5-1.5.1-fix-too-few-arguments.dif Patch2: krb5-1.4-compile_pie.dif Patch3: krb5-1.4-fix-segfault.dif Patch4: krb5-1.6-post.dif Patch5: krb5-1.6-patchlevel.dif Patch6: trunk-EncryptWithMasterKey.dif Patch14: warning-fix-lib-crypto-des.dif Patch15: warning-fix-lib-crypto-dk.dif Patch16: warning-fix-lib-crypto.dif Patch17: warning-fix-lib-crypto-enc_provider.dif Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif Patch20: kprop-use-mkstemp.dif Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif #Patch23: trunk-install-preauth-header.dif Patch24: krb5-1.5.1-fix-strncat-warning.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build %description Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords. Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %package -n krb5-plugin-kdb-ldap Requires: krb5-server = %{version} Summary: MIT Kerberos5 Implementation--LDAP Database Plugin License: X11/MIT URL: http://web.mit.edu/kerberos/www/ Group: Productivity/Networking/Security %description -n krb5-plugin-kdb-ldap Kerberos V5 is a trusted-third-party network authentication system, which can improve your network's security by eliminating the insecure practice of clear text passwords. This package contains the LDAP database plugin. Authors: -------- The MIT Kerberos Team Sam Hartman Ken Raeburn Tom Yu %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ] then echo "spx.c contains potential legal risks." exit 1; else cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c fi %patch1 %patch2 %patch3 %patch4 %patch5 %patch6 %patch14 %patch15 %patch16 %patch17 %patch18 %patch20 %patch21 %patch22 #%patch23 %patch24 cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c %build cd src %{?suse_update_config:%{suse_update_config -f}} ./util/reconf CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -I/usr/include -I%{_builddir}/%{srcRoot}/src/lib/ -fno-strict-aliasing -D_GNU_SOURCE " \ ./configure \ --prefix=/usr/lib/mit \ --sysconfdir=%{_sysconfdir} \ --mandir=%{_mandir} \ --infodir=%{_infodir} \ --libexecdir=/usr/lib/mit/sbin \ --libdir=%{_libdir} \ --includedir=%{_includedir} \ --localstatedir=%{_localstatedir}/lib/kerberos \ --enable-shared \ --disable-static \ --enable-kdc-replay-cache \ --enable-dns-for-realm \ --with-ldap \ --with-system-et \ --with-system-ss cd util/profile make install-headers-unix cd ../../include make cd ../lib/kadm5 make includes cd ../gssapi/generic make gssapi-include ln -s %{_libdir}/libgssrpc.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libgssapi_krb5.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libk5crypto.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libkrb5support.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libkrb5.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libkadm5srv.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libkdb5.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libkrb4.so %{_builddir}/%{srcRoot}/src/lib/ ln -s %{_libdir}/libdes425.so %{_builddir}/%{srcRoot}/src/lib/ cd ../../../kadmin/cli make getdate.o cd ../../plugins/kdb/ldap/ make %{?jobs:-j%jobs} #make check %install rm -rf %{buildroot} mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb mkdir -p %{buildroot}/%{krb5docdir} mkdir -p %{buildroot}/usr/lib/mit/sbin/ mkdir -p %{buildroot}/%{_mandir}/man8/ cd src/plugins/kdb/ldap/ make DESTDIR=%{buildroot} install # all libs must have permissions 0755 for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"` do chmod 0755 ${lib} done install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif # cleanup rm -f %{buildroot}/usr/share/man/man1/tmac.doc* rm -f /usr/share/man/man1/tmac.doc* rm -rf /usr/lib/mit/share rm -rf %{buildroot}/usr/lib/mit/share ##################################################### # krb5 pre/post/postun ##################################################### %post -n krb5-plugin-kdb-ldap %run_ldconfig %postun -n krb5-plugin-kdb-ldap %run_ldconfig %clean rm -rf %{buildroot} ######################################################## # files sections ######################################################## %files -n krb5-plugin-kdb-ldap %defattr(-,root,root) %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %dir /usr/lib/mit/sbin/ %dir %{krb5docdir} %doc %{krb5docdir}/kerberos.schema %doc %{krb5docdir}/kerberos.ldif %{_libdir}/krb5/plugins/kdb/*.so /usr/lib/mit/sbin/* %{_libdir}/libkdb_ldap* %{_mandir}/man8/* %changelog * Wed Apr 11 2007 - mc@suse.de - update krb5-1.6-post.dif * fix kadmind stack overflow in krb5_klog_syslog (MITKRB5-SA-2007-002 - CVE-2007-0957) [#253548] * fix double free attack in the RPC library (MITKRB5-SA-2007-003 - CVE-2007-1216) [#252487] * fix krb5 telnetd login injection (MIT-SA-2007-001 - CVE-2007-0956) [#247765] * Thu Mar 29 2007 - mc@suse.de - add ncurses-devel and bison to BuildRequires - rework some patches * Mon Feb 19 2007 - mc@suse.de - update krb5-1.6-post.dif * Fri Feb 09 2007 - mc@suse.de - update krb5-1.6-post.dif * Mon Jan 29 2007 - ro@suse.de - no main package, no debuginfo * Mon Jan 29 2007 - mc@suse.de - krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif are now upstream. Remove patches. - fix leak in krb5_kt_resolve and krb5_kt_wresolve * Tue Jan 23 2007 - mc@suse.de - fix "local variable used before set" in ftp.c [#237684] - use less BuildRequires * Mon Jan 22 2007 - mc@suse.de - initial release (version 1.6) * Major changes in 1.6 include * Partial client implementation to handle server name referrals. * Pre-authentication plug-in framework, donated by Red Hat. * LDAP KDB plug-in, donated by Novell.