SHA256
1
0
forked from pool/krb5
krb5/krb5-plugins.spec

242 lines
7.3 KiB
RPMSpec

#
# spec file for package krb5-plugins (Version 1.6)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
# nodebuginfo
Name: krb5-plugins
Version: 1.6
Release: 12
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
%define srcRoot krb5-1.6
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
Requires: krb5-server
Summary: MIT Kerberos5 Implementation--Libraries
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
Source: krb5-1.6.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.4-compile_pie.dif
Patch3: krb5-1.4-fix-segfault.dif
Patch4: krb5-1.6-post.dif
Patch5: krb5-1.6-patchlevel.dif
Patch6: trunk-EncryptWithMasterKey.dif
Patch14: warning-fix-lib-crypto-des.dif
Patch15: warning-fix-lib-crypto-dk.dif
Patch16: warning-fix-lib-crypto.dif
Patch17: warning-fix-lib-crypto-enc_provider.dif
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
Patch20: kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
#Patch23: trunk-install-preauth-header.dif
Patch24: krb5-1.5.1-fix-strncat-warning.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package -n krb5-plugin-kdb-ldap
Requires: krb5-server = %{version}
Summary: MIT Kerberos5 Implementation--LDAP Database Plugin
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
%description -n krb5-plugin-kdb-ldap
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords. This package contains the LDAP
database plugin.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch1
%patch2
%patch3
%patch4
%patch5
%patch6
%patch14
%patch15
%patch16
%patch17
%patch18
%patch20
%patch21
%patch22
#%patch23
%patch24
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -I/usr/include -I%{_builddir}/%{srcRoot}/src/lib/ -fno-strict-aliasing -D_GNU_SOURCE " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--libexecdir=/usr/lib/mit/sbin \
--libdir=%{_libdir} \
--includedir=%{_includedir} \
--localstatedir=%{_localstatedir}/lib/kerberos \
--enable-shared \
--disable-static \
--enable-kdc-replay-cache \
--enable-dns-for-realm \
--with-ldap \
--with-system-et \
--with-system-ss
cd util/profile
make install-headers-unix
cd ../../include
make
cd ../lib/kadm5
make includes
cd ../gssapi/generic
make gssapi-include
ln -s %{_libdir}/libgssrpc.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libgssapi_krb5.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libk5crypto.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkrb5support.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkrb5.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkadm5srv.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkdb5.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkrb4.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libdes425.so %{_builddir}/%{srcRoot}/src/lib/
cd ../../../kadmin/cli
make getdate.o
cd ../../plugins/kdb/ldap/
make %{?jobs:-j%jobs}
#make check
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
mkdir -p %{buildroot}/%{krb5docdir}
mkdir -p %{buildroot}/usr/lib/mit/sbin/
mkdir -p %{buildroot}/%{_mandir}/man8/
cd src/plugins/kdb/ldap/
make DESTDIR=%{buildroot} install
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
chmod 0755 ${lib}
done
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
#####################################################
# krb5 pre/post/postun
#####################################################
%post -n krb5-plugin-kdb-ldap
%run_ldconfig
%postun -n krb5-plugin-kdb-ldap
%run_ldconfig
%clean
rm -rf %{buildroot}
########################################################
# files sections
########################################################
%files -n krb5-plugin-kdb-ldap
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir /usr/lib/mit/sbin/
%dir %{krb5docdir}
%doc %{krb5docdir}/kerberos.schema
%doc %{krb5docdir}/kerberos.ldif
%{_libdir}/krb5/plugins/kdb/*.so
/usr/lib/mit/sbin/*
%{_libdir}/libkdb_ldap*
%{_mandir}/man8/*
%changelog
* Wed Apr 11 2007 - mc@suse.de
- update krb5-1.6-post.dif
* fix kadmind stack overflow in krb5_klog_syslog
(MITKRB5-SA-2007-002 - CVE-2007-0957)
[#253548]
* fix double free attack in the RPC library
(MITKRB5-SA-2007-003 - CVE-2007-1216)
[#252487]
* fix krb5 telnetd login injection
(MIT-SA-2007-001 - CVE-2007-0956)
[#247765]
* Thu Mar 29 2007 - mc@suse.de
- add ncurses-devel and bison to BuildRequires
- rework some patches
* Mon Feb 19 2007 - mc@suse.de
- update krb5-1.6-post.dif
* Fri Feb 09 2007 - mc@suse.de
- update krb5-1.6-post.dif
* Mon Jan 29 2007 - ro@suse.de
- no main package, no debuginfo
* Mon Jan 29 2007 - mc@suse.de
- krb5-1.6-fix-passwd-tcp.dif and krb5-1.6-fix-sendto_kdc-memset.dif
are now upstream. Remove patches.
- fix leak in krb5_kt_resolve and krb5_kt_wresolve
* Tue Jan 23 2007 - mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
- use less BuildRequires
* Mon Jan 22 2007 - mc@suse.de
- initial release (version 1.6)
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.