Hello community,

here is the log from the commit of package krb5.12977 for 
openSUSE:Leap:15.1:Update checked in at 2020-06-29 06:16:54
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Leap:15.1:Update/krb5.12977 (Old)
 and      /work/SRC/openSUSE:Leap:15.1:Update/.krb5.12977.new.3060 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Package is "krb5.12977"

Mon Jun 29 06:16:54 2020 rev:1 rq:817123 version:1.16.3

Changes:
--------
New Changes file:

--- /dev/null   2020-06-25 10:56:43.568241769 +0200
+++ /work/SRC/openSUSE:Leap:15.1:Update/.krb5.12977.new.3060/krb5-mini.changes  
2020-06-29 06:16:55.878130559 +0200
@@ -0,0 +1,1847 @@
+-------------------------------------------------------------------
+Mon Jun  8 10:01:09 UTC 2020 - Samuel Cabrero <scabr...@suse.de>
+
+- Update logrotate script, call systemd to reload the services
+  instead of init-scripts. (boo#1169357)
+
+-------------------------------------------------------------------
+Mon Aug  5 15:26:39 UTC 2019 - Samuel Cabrero <scabr...@suse.de>
+
+- Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947);
+  (bsc#1144047);
+
+-------------------------------------------------------------------
+Wed Jan 30 12:32:33 UTC 2019 - Samuel Cabrero <scabr...@suse.de>
+
+- Upgrade to 1.16.3
+  * Fix a regression in the MEMORY credential cache type which could cause
+    client programs to crash.
+  * MEMORY credential caches will not be listed in the global collection,
+    with the exception of the default credential cache if it is of type MEMORY.
+  * Remove an incorrect assertion in the KDC which could be used to cause
+    a crash [CVE-2018-20217].
+  * Fix bugs with concurrent use of MEMORY ccache handles.
+  * Fix a KDC crash when falling back between multiple OTP tokens configured
+    for a principal entry.
+  * Fix memory bugs when gss_add_cred() is used to create a new credential,
+    and fix a bug where it ignores the desired_name.
+  * Fix the behavior of gss_inquire_cred_by_mech() when the credential does
+    not contain an element of the requested mechanism.
+  * Make cross-realm S4U2Self requests work on the client when no
+    default_realm is configured.
+  * Add a kerberos(7) man page containing documentation of the environment
+    variables that affect Kerberos programs.
+- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
+  by transactional updates; (bsc#1100126);
+- Rename patches:
+  * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
+  * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
+  * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
+  * krb5-1.6.3-gssapi_improve_errormessages.dif to
+    0004-krb5-1.6.3-gssapi_improve_errormessages.patch
+  * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
+  * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
+  * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
+  * krb5-1.12-selinux-label.patch =>  0008-krb5-1.12-selinux-label.patch
+  * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch
+
+-------------------------------------------------------------------
+Tue Oct  9 20:13:24 UTC 2018 - James McDonough <jmcdono...@suse.com>
+
+- Upgrade to 1.16.1
+  * kdc client cert matching on client principal entry
+  * Allow ktutil addent command to ignore key version and use
+    non-default salt string.
+  * add kpropd pidfile support
+  * enable "encrypted_challenge_indicator" realm option on tickets
+    obtained using FAST encrypted challenge pre-authentication.
+  * dates through 2106 accepted
+  * KDC support for trivially renewable tickets
+  * stop caching referral and alternate cross-realm TGTs to prevent
+    duplicate credential cache entries 
+
+-------------------------------------------------------------------
+Fri May  4 09:48:36 UTC 2018 - mich...@stroeder.com
+
+- Upgrade to 1.15.3
+  * Fix flaws in LDAP DN checking, including a null dereference KDC
+    crash which could be triggered by kadmin clients with administrative
+    privileges [CVE-2018-5729, CVE-2018-5730].
+  * Fix a KDC PKINIT memory leak.
+  * Fix a small KDC memory leak on transited or authdata errors when
+    processing TGS requests.
+  * Fix a null dereference when the KDC sends a large TGS reply.
+  * Fix "kdestroy -A" with the KCM credential cache type.
+  * Fix the handling of capaths "." values.
+  * Fix handling of repeated subsection specifications in profile files
+    (such as when multiple included files specify relations in the same
+    subsection).
+
+-------------------------------------------------------------------
+Wed Apr 25 21:56:35 UTC 2018 - luizl...@gmail.com
+
+- Added support for /etc/krb5.conf.d/ for configuration snippets
+
+-------------------------------------------------------------------
+Thu Nov 23 13:38:33 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new 
+  %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Mon Oct  2 22:53:28 UTC 2017 - jeng...@inai.de
+
+- Update package descriptions.
+
+-------------------------------------------------------------------
+Mon Sep 25 19:45:05 UTC 2017 - mich...@stroeder.com
+
+- Upgrade to 1.15.2
+  * Fix a KDC denial of service vulnerability caused by unset status
+    strings [CVE-2017-11368]
+  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
+  * Fix kadm5 setkey operation with LDAP KDB module
+  * Use a ten-second timeout after successful connection for HTTPS KDC
+    requests, as we do for TCP requests
+  * Fix client null dereference when KDC offers encrypted challenge
+    without FAST
+  * Ignore dotfiles when processing profile includedir directive
+  * Improve documentation
+
+-------------------------------------------------------------------
+Fri Aug 18 08:27:26 UTC 2017 - h...@suse.com
+
+- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
+  in order to improve client security in handling service principle
+  names. (bsc#1054028)
+
+-------------------------------------------------------------------
+Tue Jun  6 13:36:34 UTC 2017 - h...@suse.com
+
+- There is no change made about the package itself, this is only
+  copying over some changelog texts from SLE package:
+- bug#918595 owned by vark...@suse.com: VUL-0: CVE-2014-5355
+  krb5: denial of service in krb5_read_message
+- bug#912002 owned by vark...@suse.com: VUL-0
+  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
+  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
+- bug#910458 owned by vark...@suse.com: VUL-1
+  CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
+- bug#928978 owned by vark...@suse.com: VUL-0
+  CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
+  to requires_preauth bypass
+- bug#910457 owned by vark...@suse.com: VUL-1
+  CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
+  name as a password policy name
+- bug#991088 owned by h...@suse.com: VUL-1
+  CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
+- bug#992853 owned by h...@suse.com: krb5: bogus prerequires
+- [fate#320326](https://fate.suse.com/320326)
+- bug#982313 owned by pgaj...@suse.com: Doxygen unable to resolve reference
+  from \cite
+
+-------------------------------------------------------------------
+Thu Apr  6 13:00:26 CEST 2017 - ku...@suse.de
+
+- Remove wrong PreRequires
+
+-------------------------------------------------------------------
+Thu Mar  9 20:58:42 UTC 2017 - mich...@stroeder.com
+
+- use HTTPS project and source URLs
+
+-------------------------------------------------------------------
+Thu Mar  9 16:31:41 UTC 2017 - meiss...@suse.com
+
+- use source urls.
+- krb5.keyring: Added Greg Hudson
+
+-------------------------------------------------------------------
+Sat Mar  4 21:29:34 UTC 2017 - mich...@stroeder.com
+
+- removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch
+- Upgrade to 1.15.1
+  * Allow KDB modules to determine how the e_data field of principal
+    fields is freed
+  * Fix udp_preference_limit when the KDC location is configured with
+    SRV records
+  * Fix KDC and kadmind startup on some IPv4-only systems
+  * Fix the processing of PKINIT certificate matching rules which have
+    two components and no explicit relation
+  * Improve documentation
+
+-------------------------------------------------------------------
+Thu Jan 19 16:01:27 UTC 2017 - a...@cryptomilk.org
+
+- Introduce patch
+  krb5-1.15-fix_kdb_free_principal_e_data.patch
+  to fix freeing of e_data in the kdb principal
+
+-------------------------------------------------------------------
+Sat Dec  3 13:04:11 UTC 2016 - mich...@stroeder.com
+
+- Upgrade to 1.15
+- obsoleted Patch7 (krb5-1.7-doublelog.patch) fixed in 1.12.2
+- obsoleted patch to src/util/gss-kernel-lib/Makefile.in since
+  file is not available in upstream source anymore
+- obsoleted Patch15 (krb5-fix_interposer.patch) fixed in 1.15
+- doc/CHANGES not available in 1.15 source anymore
+
+- Upgrade from 1.14.4 to 1.15 - major changes:
+  Administrator experience:
+  * Add support to kadmin for remote extraction of current keys without
+    changing them (requires a special kadmin permission that is excluded
+    from the wildcard permission), with the exception of highly
+    protected keys.
+  * Add a lockdown_keys principal attribute to prevent retrieval of the
+    principal's keys (old or new) via the kadmin protocol.  In newly
++++ 1650 more lines (skipped)
++++ between /dev/null
++++ and 
/work/SRC/openSUSE:Leap:15.1:Update/.krb5.12977.new.3060/krb5-mini.changes
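Review bot: the security-fix entries in this changelog cite CVE ids but no tracker reference. The 1.16.3 entry (CVE-2018-20217), the 1.15.3 entry (CVE-2018-5729, CVE-2018-5730) and the 1.15.2 entry (CVE-2017-11368, CVE-2017-11462) carry no bsc#/boo# number, while the packaging entries around them do (boo#1169357, bsc#1081947, bsc#1100126). Adding the matching bug number next to each CVE would make the fixes traceable in the same way. In the Aug 18 2017 entry, "service principle names" should read "service principal names".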
New Changes file:

--- /dev/null   2020-06-25 10:56:43.568241769 +0200
+++ /work/SRC/openSUSE:Leap:15.1:Update/.krb5.12977.new.3060/krb5.changes       
2020-06-29 06:16:55.946130785 +0200
@@ -0,0 +1,1916 @@
+-------------------------------------------------------------------
+Mon Jun  8 10:01:09 UTC 2020 - Samuel Cabrero <scabr...@suse.de>
+
+- Update logrotate script, call systemd to reload the services
+  instead of init-scripts. (boo#1169357)
+
+-------------------------------------------------------------------
+Mon Aug  5 15:26:39 UTC 2019 - Samuel Cabrero <scabr...@suse.de>
+
+- Integrate pam_keyinit pam module, ksu-pam.d; (bsc#1081947);
+  (bsc#1144047);
+
+-------------------------------------------------------------------
+Tue May  7 09:34:24 UTC 2019 - Samuel Cabrero <scabr...@suse.de>
+
+- Move LDAP schema files from /usr/share/doc/packages/krb5 to
+  /usr/share/kerberos/ldap; (bsc#1134217);
+
+-------------------------------------------------------------------
+Wed Jan 30 12:32:33 UTC 2019 - Samuel Cabrero <scabr...@suse.de>
+
+- Upgrade to 1.16.3
+  * Fix a regression in the MEMORY credential cache type which could cause
+    client programs to crash.
+  * MEMORY credential caches will not be listed in the global collection,
+    with the exception of the default credential cache if it is of type MEMORY.
+  * Remove an incorrect assertion in the KDC which could be used to cause
+    a crash [CVE-2018-20217].
+  * Fix bugs with concurrent use of MEMORY ccache handles.
+  * Fix a KDC crash when falling back between multiple OTP tokens configured
+    for a principal entry.
+  * Fix memory bugs when gss_add_cred() is used to create a new credential,
+    and fix a bug where it ignores the desired_name.
+  * Fix the behavior of gss_inquire_cred_by_mech() when the credential does
+    not contain an element of the requested mechanism.
+  * Make cross-realm S4U2Self requests work on the client when no
+    default_realm is configured.
+  * Add a kerberos(7) man page containing documentation of the environment
+    variables that affect Kerberos programs.
+- Use systemd-tmpfiles to create files under /var/lib/kerberos, required
+  by transactional updates; (bsc#1100126);
+- Rename patches:
+  * krb5-1.12-pam.patch => 0001-krb5-1.12-pam.patch
+  * krb5-1.9-manpaths.dif => 0002-krb5-1.9-manpaths.patch
+  * krb5-1.12-buildconf.patch => 0003-krb5-1.12-buildconf.patch
+  * krb5-1.6.3-gssapi_improve_errormessages.dif to
+    0004-krb5-1.6.3-gssapi_improve_errormessages.patch
+  * krb5-1.6.3-ktutil-manpage.dif => 0005-krb5-1.6.3-ktutil-manpage.patch
+  * krb5-1.12-api.patch => 0006-krb5-1.12-api.patch
+  * krb5-1.12-ksu-path.patch => 0007-krb5-1.12-ksu-path.patch
+  * krb5-1.12-selinux-label.patch =>  0008-krb5-1.12-selinux-label.patch
+  * krb5-1.9-debuginfo.patch => 0009-krb5-1.9-debuginfo.patch
+
+-------------------------------------------------------------------
+Tue Oct  9 20:00:21 UTC 2018 - James McDonough <jmcdono...@suse.com>
+
+- Upgrade to 1.16.1
+  * kdc client cert matching on client principal entry
+  * Allow ktutil addent command to ignore key version and use
+    non-default salt string.
+  * add kpropd pidfile support
+  * enable "encrypted_challenge_indicator" realm option on tickets
+    obtained using FAST encrypted challenge pre-authentication.
+  * dates through 2106 accepted
+  * KDC support for trivially renewable tickets
+  * stop caching referral and alternate cross-realm TGTs to prevent
+    duplicate credential cache entries
+
+-------------------------------------------------------------------
+Mon Jun 18 11:02:57 UTC 2018 - mc...@suse.com
+
+- BSC#1021402 move %{_libdir}/krb5/plugins/tls/k5tls.so to krb5 package
+  so it is avaiable for krb5-client as well.
+
+-------------------------------------------------------------------
+Fri May  4 09:48:36 UTC 2018 - mich...@stroeder.com
+
+- Upgrade to 1.15.3
+  * Fix flaws in LDAP DN checking, including a null dereference KDC
+    crash which could be triggered by kadmin clients with administrative
+    privileges [CVE-2018-5729, CVE-2018-5730].
+  * Fix a KDC PKINIT memory leak.
+  * Fix a small KDC memory leak on transited or authdata errors when
+    processing TGS requests.
+  * Fix a null dereference when the KDC sends a large TGS reply.
+  * Fix "kdestroy -A" with the KCM credential cache type.
+  * Fix the handling of capaths "." values.
+  * Fix handling of repeated subsection specifications in profile files
+    (such as when multiple included files specify relations in the same
+    subsection).
+
+-------------------------------------------------------------------
+Wed Apr 25 21:54:39 UTC 2018 - luizl...@gmail.com
+
+- Added support for /etc/krb5.conf.d/ for configuration snippets
+ 
+-------------------------------------------------------------------
+Thu Nov 23 13:38:38 UTC 2017 - rbr...@suse.com
+
+- Replace references to /var/adm/fillup-templates with new 
+  %_fillupdir macro (boo#1069468)
+
+-------------------------------------------------------------------
+Mon Nov  6 10:23:00 UTC 2017 - h...@suse.com
+
+- Remove build dependency doxygen, python-Cheetah, python-Sphinx,
+  python-libxml2, python-lxml, most of which are python 2 programs.
+  Consequently remove -doc subpackage. Users are encouraged to use
+  online documentation. (bsc#1066461)
+
+-------------------------------------------------------------------
+Mon Oct  2 22:53:28 UTC 2017 - jeng...@inai.de
+
+- Update package descriptions.
+
+-------------------------------------------------------------------
+Mon Sep 25 19:45:05 UTC 2017 - mich...@stroeder.com
+
+- Upgrade to 1.15.2
+  * Fix a KDC denial of service vulnerability caused by unset status
+    strings [CVE-2017-11368]
+  * Preserve GSS contexts on init/accept failure [CVE-2017-11462]
+  * Fix kadm5 setkey operation with LDAP KDB module
+  * Use a ten-second timeout after successful connection for HTTPS KDC
+    requests, as we do for TCP requests
+  * Fix client null dereference when KDC offers encrypted challenge
+    without FAST
+  * Ignore dotfiles when processing profile includedir directive
+  * Improve documentation
+
+-------------------------------------------------------------------
+Fri Aug 18 08:27:26 UTC 2017 - h...@suse.com
+
+- Set "rdns" and "dns_canonicalize_hostname" to false in krb5.conf
+  in order to improve client security in handling service principle
+  names. (bsc#1054028)
+
+-------------------------------------------------------------------
+Fri Aug 11 09:08:58 UTC 2017 - h...@suse.com
+
+- Prevent kadmind.service startup failure caused by absence of
+  LDAP service. (bsc#903543)
+
+-------------------------------------------------------------------
+Tue Jun  6 13:36:34 UTC 2017 - h...@suse.com
+
+- There is no change made about the package itself, this is only
+  copying over some changelog texts from SLE package:
+- bug#918595 owned by vark...@suse.com: VUL-0: CVE-2014-5355
+  krb5: denial of service in krb5_read_message
+- bug#912002 owned by vark...@suse.com: VUL-0
+  CVE-2014-5352, CVE-2014-9421, CVE-2014-9422, CVE-2014-9423:
+  krb5: Vulnerabilities in kadmind, libgssrpc, gss_process_context_token
+- bug#910458 owned by vark...@suse.com: VUL-1
+  CVE-2014-5354: krb5: NULL pointer dereference when using keyless entries
+- bug#928978 owned by vark...@suse.com: VUL-0
+  CVE-2015-2694: krb5: issues in OTP and PKINIT kdcpreauth modules leading
+  to requires_preauth bypass
+- bug#910457 owned by vark...@suse.com: VUL-1
+  CVE-2014-5353: krb5: NULL pointer dereference when using a ticket policy
+  name as a password policy name
+- bug#991088 owned by h...@suse.com: VUL-1
+  CVE-2016-3120: krb5: S4U2Self KDC crash when anon is restricted
+- bug#992853 owned by h...@suse.com: krb5: bogus prerequires
+- [fate#320326](https://fate.suse.com/320326)
+- bug#982313 owned by pgaj...@suse.com: Doxygen unable to resolve reference
+  from \cite
+
+-------------------------------------------------------------------
+Thu Apr  6 12:58:53 CEST 2017 - ku...@suse.de
+
+- Remove wrong PreRequires from krb5
+
+-------------------------------------------------------------------
+Thu Mar  9 20:58:42 UTC 2017 - mich...@stroeder.com
+
+- use HTTPS project and source URLs
+
+-------------------------------------------------------------------
+Thu Mar  9 16:31:41 UTC 2017 - meiss...@suse.com
+
+- use source urls.
+- krb5.keyring: Added Greg Hudson
+
+-------------------------------------------------------------------
+Sat Mar  4 21:29:34 UTC 2017 - mich...@stroeder.com
+
+- removed obsolete krb5-1.15-fix_kdb_free_principal_e_data.patch
+- Upgrade to 1.15.1
+  * Allow KDB modules to determine how the e_data field of principal
+    fields is freed
+  * Fix udp_preference_limit when the KDC location is configured with
+    SRV records
+  * Fix KDC and kadmind startup on some IPv4-only systems
+  * Fix the processing of PKINIT certificate matching rules which have
+    two components and no explicit relation
+  * Improve documentation
++++ 1719 more lines (skipped)
++++ between /dev/null
++++ and /work/SRC/openSUSE:Leap:15.1:Update/.krb5.12977.new.3060/krb5.changes
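Review bot: the Jun 18 2018 entry writes its reference as "BSC#1021402" while every other entry in the visible part of this file uses the lowercase "bsc#" form, so a case-sensitive search for bsc# references would miss it; lowercase it for consistency. The same entry has the typo "avaiable" (available), and the Aug 18 2017 entry has "service principle names" (principal). The line after the Apr 25 2018 entry is "+ " with a trailing space where the other separators are empty.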

New:
----
  0001-krb5-1.12-pam.patch
  0002-krb5-1.9-manpaths.patch
  0003-krb5-1.12-buildconf.patch
  0004-krb5-1.6.3-gssapi_improve_errormessages.patch
  0005-krb5-1.6.3-ktutil-manpage.patch
  0006-krb5-1.12-api.patch
  0007-krb5-1.12-ksu-path.patch
  0008-krb5-1.12-selinux-label.patch
  0009-krb5-1.9-debuginfo.patch
  baselibs.conf
  krb5-1.16.3.tar.gz
  krb5-1.16.3.tar.gz.asc
  krb5-mini.changes
  krb5-mini.spec
  krb5-rpmlintrc
  krb5.changes
  krb5.keyring
  krb5.spec
  krb5.tmpfiles
  ksu-pam.d
  vendor-files.tar.bz2

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Other differences:
------------------
++++++ krb5-mini.spec ++++++
#
# spec file for package krb5-mini
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
  %define _fillupdir /var/adm/fillup-templates
%endif

%define srcRoot krb5-1.16.3
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir  %{_defaultdocdir}/krb5

Name:           krb5-mini
Url:            https://web.mit.edu/kerberos/www/
BuildRequires:  autoconf
BuildRequires:  bison
BuildRequires:  keyutils
BuildRequires:  keyutils-devel
BuildRequires:  libcom_err-devel
BuildRequires:  libselinux-devel
BuildRequires:  ncurses-devel
Version:        1.16.3
Release:        0
Summary:        MIT Kerberos5 implementation and libraries with minimal 
dependencies
License:        MIT
Group:          Productivity/Networking/Security
Obsoletes:      krb5-plugin-preauth-pkinit-nss
BuildRequires:  libverto-devel
# bug437293
%ifarch ppc64
Obsoletes:      krb5-64bit
%endif
Conflicts:      krb5-mini
Conflicts:      krb5
Conflicts:      krb5-client
Conflicts:      krb5-server
Conflicts:      krb5-plugin-kdb-ldap
Conflicts:      krb5-plugin-preauth-pkinit
Conflicts:      krb5-plugin-preauth-otp
Source0:        
https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz
Source1:        
https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz.asc
Source2:        krb5.keyring
Source3:        vendor-files.tar.bz2
Source4:        baselibs.conf
Source5:        krb5-rpmlintrc
Source6:        krb5.tmpfiles
Patch1:         0001-krb5-1.12-pam.patch
Patch2:         0002-krb5-1.9-manpaths.patch
Patch3:         0003-krb5-1.12-buildconf.patch
Patch4:         0004-krb5-1.6.3-gssapi_improve_errormessages.patch
Patch5:         0005-krb5-1.6.3-ktutil-manpage.patch
Patch6:         0006-krb5-1.12-api.patch
Patch7:         0007-krb5-1.12-ksu-path.patch
Patch8:         0008-krb5-1.12-selinux-label.patch
Patch9:         0009-krb5-1.9-debuginfo.patch

BuildRoot:      %{_tmppath}/%{name}-%{version}-build
PreReq:         %fillup_prereq
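Review bot: "Conflicts: krb5-mini" in the preamble names the package being defined (Name: krb5-mini), so it is at best redundant next to the Conflicts on krb5, krb5-client, krb5-server and the plugin packages. Drop the line, or if it was meant to block a different package, name that package instead. The "# bug437293" comment above the ppc64 Obsoletes has no tracker prefix, unlike the bsc#/boo# references in the changelog, so it is unclear which bug database it refers to.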

%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of clear text passwords.
The package delivers MIT Kerberos with reduced features and minimal
dependencies

%package devel
Summary:        Development files for MIT Kerberos5 (openSUSE mini variant)
Group:          Development/Libraries/C and C++
PreReq:         %{name} = %{version}
Requires:       keyutils-devel
Requires:       libcom_err-devel
Requires:       libverto-devel
# bug437293
%ifarch ppc64
Obsoletes:      krb5-devel-64bit
%endif
Provides:       krb5-devel = %{version}
Conflicts:      krb5-devel

%description devel
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of cleartext passwords. This package includes Libraries and
Include Files for Development

%prep
%setup -q -n %{srcRoot}
%setup -a 3 -T -D -n %{srcRoot}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1

%build
# needs to be re-generated
rm -f src/lib/krb5/krb/deltat.c
cd src
autoreconf -fi
DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
./configure \
        CC="%{__cc}" \
        CFLAGS="$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing 
-D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \
        CPPFLAGS="-I%{_includedir}/et " \
        SS_LIB="-lss" \
        --prefix=/usr/lib/mit \
        --sysconfdir=%{_sysconfdir} \
        --mandir=%{_mandir} \
        --infodir=%{_infodir} \
        --libexecdir=/usr/lib/mit/sbin \
        --libdir=%{_libdir} \
        --includedir=%{_includedir} \
    --localstatedir=%{_localstatedir}/lib/kerberos \
    --localedir=%{_datadir}/locale \
        --enable-shared \
        --disable-static \
    --enable-dns-for-realm \
    --disable-rpath \
    --disable-pkinit \
    --without-pam \
    --with-selinux \
    --with-system-et \
    --with-system-ss \
    --with-system-verto

make %{?_smp_mflags}

# Copy kadmin manual page into kadmin.local's due to the split between client 
and server package
cp man/kadmin.man man/kadmin.local.8

%install

mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5

cd src
make DESTDIR=%{buildroot} install 
cd ..
# Munge krb5-config yet again.  This is totally wrong for 64-bit, but chunks
# of the buildconf patch already conspire to strip out /usr/<anything> from the
# list of link flags, and it helps prevent file conflicts on multilib systems.
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' 
$RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config

# install autoconf macro
mkdir -p %{buildroot}/%{_datadir}/aclocal
install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/
# install sample config files
# I'll probably do something about this later on
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d
mkdir -p %{buildroot}/etc/profile.d/
mkdir -p %{buildroot}/var/log/krb5
mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
# create plugin directories
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
install -m 644 %{vendorFiles}/krb5.csh.profile 
%{buildroot}/etc/profile.d/krb5.csh
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc 
%{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind 
%{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind

# Do not write directly to /var/lib/kerberos anymore as it breaks transactional
# updates. Use systemd-tmpfiles to copy the files there when it doesn't exist
install -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d/
install -m 644 %{SOURCE6} %{buildroot}/usr/lib/tmpfiles.d/krb5.conf
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5kdc
# Where per-user keytabs live by default.
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5/user
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_datadir}/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.acl 
%{buildroot}%{_datadir}/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.dict 
%{buildroot}%{_datadir}/kerberos/krb5kdc/

# all libs must have permissions 0755 
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do 
  chmod 0755 ${lib} 
done
# and binaries too
chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu
# install systemd files
%if 0%{?suse_version} >= 1210
mkdir -p %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/kadmind.service %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/krb5kdc.service %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/kpropd.service %{buildroot}%{_unitdir}
%else
# install init scripts
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init 
%{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init 
%{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init  
%{buildroot}%{_sysconfdir}/init.d/kpropd
%endif
# install sysconfig templates
mkdir -p $RPM_BUILD_ROOT/%{_fillupdir}
install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/
install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate 
%{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
find . -type f -name '*.ps' -exec gzip -9 {} \;
# create rc* links 
mkdir -p %{buildroot}/usr/bin/
mkdir -p %{buildroot}/usr/sbin/
%if 0%{?suse_version} >= 1210
%if 0%{?suse_version} > 1220
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckadmind
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckrb5kdc
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckpropd
%else
ln -s /sbin/service %{buildroot}%{_sbindir}/rckadmind
ln -s /sbin/service %{buildroot}%{_sbindir}/rckrb5kdc
ln -s /sbin/service %{buildroot}%{_sbindir}/rcpropd
%endif
%else
ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/sbin/rckadmind
ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/sbin/rckrb5kdc
ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/sbin/rckpropd
%endif
# create links for kinit and klist, because of the java ones
ln -sf ../../usr/lib/mit/bin/kinit   %{buildroot}/usr/bin/kinit
ln -sf ../../usr/lib/mit/bin/klist   %{buildroot}/usr/bin/klist
# install doc
install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
# cleanup
rm -f  %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f  /usr/share/man/man1/tmac.doc*
rm -rf %{buildroot}/usr/lib/mit/share/examples
# manually remove otp plugin for krb5-mini since configure
# doesn't support disabling it at build time
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/otp.so
# manually remove test plugin since configure doesn't support disabling it at 
build time
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so

%find_lang mit-krb5
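Review bot: in the cleanup block of %install, "rm -f  /usr/share/man/man1/tmac.doc*" targets the build host's filesystem rather than the build root. The line directly above it already removes the same files under %{buildroot}, and %install should only touch paths below %{buildroot}, so the second rm should be deleted. In the rc-link block, the branch for suse_version between 1210 and 1220 creates "rcpropd" while the other two branches create "rckpropd"; that looks like a typo and leaves the kpropd link with a different name on those releases. /var/log/krb5 is also created twice, once via $RPM_BUILD_ROOT%{_localstatedir}/log/krb5 at the top and once via %{buildroot}/var/log/krb5 further down.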

#####################################################
# krb5-mini pre/post/postun
#####################################################

%preun
%service_del_preun krb5kdc.service kadmind.service kpropd.service

%postun
/sbin/ldconfig
%service_del_postun krb5kdc.service kadmind.service kpropd.service

%post 
/sbin/ldconfig
%service_add_post krb5kdc.service kadmind.service kpropd.service
%tmpfiles_create krb5.conf
%{fillup_only -n kadmind}
%{fillup_only -n krb5kdc}
%{fillup_only -n kpropd}

%pre
%service_add_pre krb5kdc.service kadmind.service kpropd.service
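Review bot: %post calls "%{fillup_only -n kpropd}", but %install only places sysconfig.kadmind and sysconfig.krb5kdc into %{_fillupdir}; no sysconfig.kpropd template is installed in the visible spec. Either ship a sysconfig.kpropd template from the vendor files or drop the kpropd fillup call so the scriptlet does not reference a template that is not packaged.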

########################################################
# files sections
########################################################

%files devel
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
%dir /usr/lib/mit/share
%dir %{_datadir}/aclocal
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_libdir}/libkrad.so
%{_libdir}/pkgconfig/gssrpc.pc
%{_libdir}/pkgconfig/kadm-client.pc
%{_libdir}/pkgconfig/kadm-server.pc
%{_libdir}/pkgconfig/kdb.pc
%{_libdir}/pkgconfig/krb5-gssapi.pc
%{_libdir}/pkgconfig/krb5.pc
%{_libdir}/pkgconfig/mit-krb5-gssapi.pc
%{_libdir}/pkgconfig/mit-krb5.pc
%{_includedir}/*
/usr/lib/mit/bin/krb5-config
/usr/lib/mit/sbin/krb5-send-pr
%{_mandir}/man1/krb5-config.1*
%{_datadir}/aclocal/ac_check_krb5.m4

%files -f mit-krb5.lang
%defattr(-,root,root)
%dir %{krb5docdir}
# add directories
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/libkrb5
%dir %{_libdir}/krb5/plugins/tls
%attr(0700,root,root) %dir /var/log/krb5
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
%dir /usr/lib/mit/bin
%doc %{krb5docdir}/README
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%dir %{_sysconfdir}/krb5.conf.d
%attr(0644,root,root) %config /etc/profile.d/krb5*
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
%{_fillupdir}/sysconfig.*
%{_unitdir}/kadmind.service
%{_unitdir}/krb5kdc.service
%{_unitdir}/kpropd.service
%{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
%{_libdir}/libkrad.so.*
%{_libdir}/krb5/plugins/kdb/*
%{_libdir}/krb5/plugins/tls/*
%{_libexecdir}/tmpfiles.d/krb5.conf
%dir %{_datadir}/kerberos/
%dir %{_datadir}/kerberos/krb5kdc
%dir %{_datadir}/kerberos/krb5
%dir %{_datadir}/kerberos/krb5/user
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.dict
%ghost %dir %{_sharedstatedir}/kerberos/
%ghost %dir %{_sharedstatedir}/kerberos/krb5kdc
%ghost %dir %{_sharedstatedir}/kerberos/krb5
%ghost %dir %{_sharedstatedir}/kerberos/krb5/user
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kdc.conf
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.acl
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.dict
/usr/lib/mit/sbin/kadmin.local
/usr/lib/mit/sbin/kadmind
/usr/lib/mit/sbin/kpropd
/usr/lib/mit/sbin/kproplog
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
/usr/lib/mit/bin/kdestroy
/usr/lib/mit/bin/kpasswd
/usr/lib/mit/bin/klist
/usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil
/usr/lib/mit/bin/kswitch
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
/usr/bin/kinit
/usr/bin/klist
/usr/sbin/rc*
%{_mandir}/man1/kvno.1*
%{_mandir}/man1/kinit.1*
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/sclient.1*
%{_mandir}/man1/kadmin.1*
%{_mandir}/man1/ktutil.1*
%{_mandir}/man1/k5srvutil.1*
%{_mandir}/man1/kswitch.1*
%{_mandir}/man5/*
%{_mandir}/man5/.k5login.5.gz
%{_mandir}/man5/.k5identity.5*
%{_mandir}/man7/kerberos.7.gz
%{_mandir}/man8/*

%changelog
++++++ krb5.spec ++++++
#
# spec file for package krb5
#
# Copyright (c) 2019 SUSE LINUX GmbH, Nuernberg, Germany.
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#


#Compat macro for new _fillupdir macro introduced in Nov 2017
%if ! %{defined _fillupdir}
  %define _fillupdir /var/adm/fillup-templates
%endif

Name:           krb5
Url:            https://web.mit.edu/kerberos/www/
BuildRequires:  autoconf
BuildRequires:  bison
BuildRequires:  keyutils
BuildRequires:  keyutils-devel
BuildRequires:  libcom_err-devel
BuildRequires:  libselinux-devel
BuildRequires:  ncurses-devel
Version:        1.16.3
Release:        0
Summary:        MIT Kerberos5 implementation
License:        MIT
Group:          Productivity/Networking/Security
Obsoletes:      krb5-plugin-preauth-pkinit-nss
BuildRequires:  libopenssl-devel
BuildRequires:  libverto-devel
BuildRequires:  openldap2-devel
BuildRequires:  pam-devel
BuildRequires:  pkgconfig(systemd)
# bug437293
%ifarch ppc64
Obsoletes:      krb5-64bit
%endif
Conflicts:      krb5-mini
Source0:        https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz
Source1:        https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz.asc
Source2:        krb5.keyring
Source3:        vendor-files.tar.bz2
Source4:        baselibs.conf
Source5:        krb5-rpmlintrc
Source6:        ksu-pam.d
Source7:        krb5.tmpfiles
Patch1:         0001-krb5-1.12-pam.patch
Patch2:         0002-krb5-1.9-manpaths.patch
Patch3:         0003-krb5-1.12-buildconf.patch
Patch4:         0004-krb5-1.6.3-gssapi_improve_errormessages.patch
Patch5:         0005-krb5-1.6.3-ktutil-manpage.patch
Patch6:         0006-krb5-1.12-api.patch
Patch7:         0007-krb5-1.12-ksu-path.patch
Patch8:         0008-krb5-1.12-selinux-label.patch
Patch9:         0009-krb5-1.9-debuginfo.patch
BuildRoot:      %{_tmppath}/%{name}-%{version}-build

%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of clear text passwords.

%package client
Conflicts:      krb5-mini
Summary:        Client programs of the MIT Kerberos5 implementation
Group:          Productivity/Networking/Security

%description client
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of cleartext passwords. This package includes some required
client programs, like kinit, kadmin, ...

%package server
Summary:        Server program of the MIT Kerberos5 implementation
Group:          Productivity/Networking/Security
Requires:       cron
Requires:       libverto-libev1
Requires:       logrotate
Requires:       perl-Date-Calc
%if 0%{?suse_version} >= 1210
%{?systemd_requires}
%else
PreReq:         %insserv_prereq
%endif
PreReq:         %fillup_prereq

%description server
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of cleartext passwords. This package includes the kdc, kadmind
and more.

%package plugin-kdb-ldap
Summary:        LDAP database plugin for MIT Kerberos5
Group:          Productivity/Networking/Security
Requires:       krb5-server = %{version}

%description plugin-kdb-ldap
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of clear text passwords. This package contains the LDAP
database plugin.

%package plugin-preauth-pkinit
Summary:        PKINIT preauthentication plugin for MIT Kerberos5
Group:          Productivity/Networking/Security

%description plugin-preauth-pkinit
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of cleartext passwords. This package includes a PKINIT plugin.

%package plugin-preauth-otp
Summary:        OTP preauthentication plugin for MIT Kerberos5
Group:          Productivity/Networking/Security

%description plugin-preauth-otp
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of cleartext passwords. This package includes an OTP plugin.

%package doc
Summary:        Documentation for the MIT Kerberos5 implementation
Group:          Documentation/Other

%description doc
Kerberos V5 is a trusted-third-party network authentication
system, which can improve network security by eliminating the
insecure practice of clear text passwords. This package includes
extended documentation for MIT Kerberos.

%package devel
Summary:        Development files for MIT Kerberos5
Group:          Development/Libraries/C and C++
PreReq:         %{name} = %{version}
Requires:       keyutils-devel
Requires:       libcom_err-devel
Requires:       libverto-devel
# bug437293
%ifarch ppc64
Obsoletes:      krb5-devel-64bit
%endif
Conflicts:      krb5-mini-devel

%description devel
Kerberos V5 is a trusted-third-party network authentication system,
which can improve network security by eliminating the insecure
practice of cleartext passwords. This package includes Libraries and
Include Files for Development

%define srcRoot krb5-%{version}
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir  %{_defaultdocdir}/krb5

%prep
%setup -q -n %{srcRoot}
%setup -a 3 -T -D -n %{srcRoot}
%patch1 -p1
%patch2 -p1
%patch3 -p1
%patch4 -p1
%patch5 -p1
%patch6 -p1
%patch7 -p1
%patch8 -p1
%patch9 -p1

%build
# needs to be re-generated
rm -f src/lib/krb5/krb/deltat.c
cd src
autoreconf -fi
DEFCCNAME=DIR:/run/user/%%{uid}/krb5cc; export DEFCCNAME
./configure \
        CC="%{__cc}" \
        CFLAGS="$RPM_OPT_FLAGS -I%{_includedir}/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC $(getconf LFS_CFLAGS)" \
        CPPFLAGS="-I%{_includedir}/et " \
        SS_LIB="-lss" \
        --prefix=/usr/lib/mit \
        --sysconfdir=%{_sysconfdir} \
        --mandir=%{_mandir} \
        --infodir=%{_infodir} \
        --libexecdir=/usr/lib/mit/sbin \
        --libdir=%{_libdir} \
        --includedir=%{_includedir} \
    --localstatedir=%{_localstatedir}/lib/kerberos \
    --localedir=%{_datadir}/locale \
        --enable-shared \
        --disable-static \
    --enable-dns-for-realm \
    --disable-rpath \
    --with-ldap \
    --with-pam \
    --enable-pkinit \
    --with-pkinit-crypto-impl=openssl \
    --with-selinux \
    --with-system-et \
    --with-system-ss \
    --with-system-verto

make %{?_smp_mflags}

# Copy kadmin manual page into kadmin.local's due to the split between client and server package
cp man/kadmin.man man/kadmin.local.8

%install

mkdir -p $RPM_BUILD_ROOT%{_localstatedir}/log/krb5

cd src
make DESTDIR=%{buildroot} install 
cd ..
# Munge krb5-config yet again.  This is totally wrong for 64-bit, but chunks
# of the buildconf patch already conspire to strip out /usr/<anything> from the
# list of link flags, and it helps prevent file conflicts on multilib systems.
sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT/usr/lib/mit/bin/krb5-config

# install autoconf macro
mkdir -p %{buildroot}/%{_datadir}/aclocal
install -m 644 src/util/ac_check_krb5.m4 %{buildroot}%{_datadir}/aclocal/
# install sample config files
# I'll probably do something about this later on
mkdir -p %{buildroot}%{_sysconfdir}
mkdir -p %{buildroot}%{_sysconfdir}/krb5.conf.d
mkdir -p %{buildroot}/etc/profile.d/
mkdir -p %{buildroot}/var/log/krb5
mkdir -p %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/
# create plugin directories
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/preauth
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/libkrb5
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/tls
install -m 644 %{vendorFiles}/krb5.conf %{buildroot}%{_sysconfdir}
install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.csh
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind

# Do not write directly to /var/lib/kerberos anymore as it breaks transactional
# updates. Use systemd-tmpfiles to copy the files there when it doesn't exist
install -d -m 0755 %{buildroot}/usr/lib/tmpfiles.d/
install -m 644 %{SOURCE7} %{buildroot}/usr/lib/tmpfiles.d/krb5.conf
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5kdc
# Where per-user keytabs live by default.
mkdir -p %{buildroot}/%{_datadir}/kerberos/krb5/user
install -m 600 %{vendorFiles}/kdc.conf %{buildroot}%{_datadir}/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.acl %{buildroot}%{_datadir}/kerberos/krb5kdc/
install -m 600 %{vendorFiles}/kadm5.dict %{buildroot}%{_datadir}/kerberos/krb5kdc/

# all libs must have permissions 0755 
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do 
  chmod 0755 ${lib} 
done
# and binaries too
chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu
# install systemd files
%if 0%{?suse_version} >= 1210
mkdir -p %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/kadmind.service %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/krb5kdc.service %{buildroot}%{_unitdir}
install -m 644 %{vendorFiles}/kpropd.service %{buildroot}%{_unitdir}
%else
# install init scripts
mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
%endif
# install sysconfig templates
mkdir -p $RPM_BUILD_ROOT/%{_fillupdir}
install -m 644 %{vendorFiles}/sysconfig.kadmind $RPM_BUILD_ROOT/%{_fillupdir}/
install -m 644 %{vendorFiles}/sysconfig.krb5kdc $RPM_BUILD_ROOT/%{_fillupdir}/
# install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
find . -type f -name '*.ps' -exec gzip -9 {} \;
# create rc* links 
mkdir -p %{buildroot}/usr/bin/
mkdir -p %{buildroot}/usr/sbin/
%if 0%{?suse_version} >= 1210
%if 0%{?suse_version} > 1220
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckadmind
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckrb5kdc
ln -s %{_sbindir}/service %{buildroot}%{_sbindir}/rckpropd
%else
ln -s /sbin/service %{buildroot}%{_sbindir}/rckadmind
ln -s /sbin/service %{buildroot}%{_sbindir}/rckrb5kdc
ln -s /sbin/service %{buildroot}%{_sbindir}/rckpropd
%endif
%else
ln -sf ../../etc/init.d/kadmind %{buildroot}/usr/sbin/rckadmind
ln -sf ../../etc/init.d/krb5kdc %{buildroot}/usr/sbin/rckrb5kdc
ln -sf ../../etc/init.d/kpropd %{buildroot}/usr/sbin/rckpropd
%endif
# create links for kinit and klist, because of the java ones
ln -sf ../../usr/lib/mit/bin/kinit   %{buildroot}/usr/bin/kinit
ln -sf ../../usr/lib/mit/bin/klist   %{buildroot}/usr/bin/klist
# install doc
install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
install -d -m 755 %{buildroot}/%{_datadir}/kerberos/ldap
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{_datadir}/kerberos/ldap/kerberos.schema
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{_datadir}/kerberos/ldap/kerberos.ldif
# link pam-config for su to ksu 
mkdir -p %{buildroot}/etc/pam.d/
install -m 644 %{S:6} %{buildroot}/etc/pam.d/ksu

# cleanup
rm -f  %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f  /usr/share/man/man1/tmac.doc* html/.doctrees/environment.pickle
rm -rf %{buildroot}/usr/lib/mit/share/examples
# manually remove test plugin since configure doesn't support disabling it at build time
rm -f %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so

%find_lang mit-krb5

%post -p /sbin/ldconfig

%postun -p /sbin/ldconfig

%preun server
%service_del_preun krb5kdc.service kadmind.service kpropd.service

%postun server
%service_del_postun krb5kdc.service kadmind.service kpropd.service

%post server
%service_add_post krb5kdc.service kadmind.service kpropd.service
%tmpfiles_create krb5.conf
%{fillup_only -n kadmind}
%{fillup_only -n krb5kdc}
%{fillup_only -n kpropd}

%pre server
%service_add_pre krb5kdc.service kadmind.service kpropd.service

%post plugin-kdb-ldap -p /sbin/ldconfig

%postun plugin-kdb-ldap -p /sbin/ldconfig

%files devel
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
%dir /usr/lib/mit/share
%dir %{_datadir}/aclocal
%{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so
%{_libdir}/libkrb5support.so
%{_libdir}/libkrad.so
%{_libdir}/pkgconfig/gssrpc.pc
%{_libdir}/pkgconfig/kadm-client.pc
%{_libdir}/pkgconfig/kadm-server.pc
%{_libdir}/pkgconfig/kdb.pc
%{_libdir}/pkgconfig/krb5-gssapi.pc
%{_libdir}/pkgconfig/krb5.pc
%{_libdir}/pkgconfig/mit-krb5-gssapi.pc
%{_libdir}/pkgconfig/mit-krb5.pc
%{_includedir}/*
/usr/lib/mit/bin/krb5-config
/usr/lib/mit/sbin/krb5-send-pr
%{_mandir}/man1/krb5-config.1*
%{_datadir}/aclocal/ac_check_krb5.m4

%files -f mit-krb5.lang
%defattr(-,root,root)
%dir %{krb5docdir}
# add plugin directories
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/preauth
%dir %{_libdir}/krb5/plugins/libkrb5
%dir %{_libdir}/krb5/plugins/tls
# add log directory
%attr(0700,root,root) %dir /var/log/krb5
%doc %{krb5docdir}/README
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%dir %{_sysconfdir}/krb5.conf.d
%attr(0644,root,root) %config /etc/profile.d/krb5*
%{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt_mit.so.*
%{_libdir}/libkadm5srv_mit.so.*
%{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.*
%{_libdir}/libkrad.so.*
%{_libdir}/krb5/plugins/tls/*.so

%files server
%defattr(-,root,root)
%attr(0700,root,root) %dir /var/log/krb5
%config(noreplace) %{_sysconfdir}/logrotate.d/krb5-server
%if 0%{?suse_version} >= 1210
%{_unitdir}/kadmind.service
%{_unitdir}/krb5kdc.service
%{_unitdir}/kpropd.service
%{_libexecdir}/tmpfiles.d/krb5.conf
%else
%{_sysconfdir}/init.d/kadmind
%{_sysconfdir}/init.d/krb5kdc
%{_sysconfdir}/init.d/kpropd
%endif
%dir %{krb5docdir}
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
%dir %{_datadir}/kerberos/
%dir %{_datadir}/kerberos/krb5kdc
%dir %{_datadir}/kerberos/krb5
%dir %{_datadir}/kerberos/krb5/user
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir %{_libdir}/krb5/plugins/tls
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_datadir}/kerberos/krb5kdc/kadm5.dict
%ghost %dir %{_sharedstatedir}/kerberos/
%ghost %dir %{_sharedstatedir}/kerberos/krb5kdc
%ghost %dir %{_sharedstatedir}/kerberos/krb5
%ghost %dir %{_sharedstatedir}/kerberos/krb5/user
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kdc.conf
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.acl
%ghost %attr(0600,root,root) %config(noreplace) %{_sharedstatedir}/kerberos/krb5kdc/kadm5.dict
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
%{_fillupdir}/sysconfig.*
/usr/sbin/rc*
/usr/lib/mit/sbin/kadmin.local
/usr/lib/mit/sbin/kadmind
/usr/lib/mit/sbin/kpropd
/usr/lib/mit/sbin/kproplog
/usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/uuserver
%{_libdir}/krb5/plugins/kdb/db2.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man5/kadm5.acl.5*
%{_mandir}/man8/kadmind.8*
%{_mandir}/man8/kadmin.local.8*
%{_mandir}/man8/kpropd.8*
%{_mandir}/man8/kprop.8*
%{_mandir}/man8/kproplog.8.gz
%{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/sserver.8*

%files client
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
%dir /usr/lib/mit/sbin
%attr(0644,root,root) %config(noreplace) /etc/pam.d/ksu
/usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit
/usr/lib/mit/bin/kdestroy
/usr/lib/mit/bin/kpasswd
/usr/lib/mit/bin/klist
/usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil
/usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/ksu
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/kswitch
/usr/bin/kinit
/usr/bin/klist
%{_mandir}/man1/kvno.1*
%{_mandir}/man1/kinit.1*
%{_mandir}/man1/kdestroy.1*
%{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1*
%{_mandir}/man1/kadmin.1*
%{_mandir}/man1/ktutil.1*
%{_mandir}/man1/k5srvutil.1*
%{_mandir}/man1/kswitch.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man5/.k5identity.5*
%{_mandir}/man5/k5identity.5*
%{_mandir}/man5/k5login.5*
%{_mandir}/man1/ksu.1.gz
%{_mandir}/man1/sclient.1.gz
%{_mandir}/man7/kerberos.7.gz

%files plugin-kdb-ldap
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir /usr/lib/mit/sbin/
%dir %{_datadir}/kerberos
%dir %{_datadir}/kerberos/ldap
%config %{_datadir}/kerberos/ldap/kerberos.schema
%config %{_datadir}/kerberos/ldap/kerberos.ldif
%{_libdir}/krb5/plugins/kdb/kldap.so
/usr/lib/mit/sbin/kdb5_ldap_util
%{_libdir}/libkdb_ldap*
%{_mandir}/man8/kdb5_ldap_util.8*

%files plugin-preauth-pkinit
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/preauth
%{_libdir}/krb5/plugins/preauth/pkinit.so

%files plugin-preauth-otp
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/preauth
%{_libdir}/krb5/plugins/preauth/otp.so

%changelog
++++++ 0001-krb5-1.12-pam.patch ++++++
++++ 778 lines (skipped)

++++++ 0002-krb5-1.9-manpaths.patch ++++++
From 191084a19585fbc99e11b6ef4f00ce9df7f45e2f Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Mon, 14 Jan 2019 13:06:55 +0100
Subject: [PATCH 2/9] Import krb5-1.9-manpaths.dif

Change the absolute paths included in the man pages so that the correct
values can be dropped in by config.status.  After applying this patch,
these files should be renamed to their ".in" counterparts, and then the
configure scripts should be rebuilt.  Originally RT#6525
---
 src/man/kpropd.man | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/man/kpropd.man b/src/man/kpropd.man
index d80e43ad7..949407edd 100644
--- a/src/man/kpropd.man
+++ b/src/man/kpropd.man
@@ -66,7 +66,7 @@ the \fB/etc/inetd.conf\fP file which looks like this:
 .sp
 .nf
 .ft C
-kprop  stream  tcp  nowait  root  /usr/local/sbin/kpropd  kpropd
+kprop  stream  tcp  nowait  root  @SBINDIR@/kpropd  kpropd
 .ft P
 .fi
 .UNINDENT
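
Review bot: the replacement line `kprop  stream  tcp  nowait  root  @SBINDIR@/kpropd  kpropd` only renders correctly if something substitutes `@SBINDIR@` in src/man/kpropd.man, and this patch does not add that step. The commit message says the file should be renamed to its ".in" counterpart and the configure scripts rebuilt, but the diff edits kpropd.man in place and renames nothing. Either include the rename and the substitution rule in the patch, or state in the message where the substitution already happens, so the installed man page cannot ship a literal `@SBINDIR@`.
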
-- 
2.20.1

++++++ 0003-krb5-1.12-buildconf.patch ++++++
From 1786312a200f54a37ef7c97c5ef06e97cc8ea641 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Mon, 14 Jan 2019 13:08:07 +0100
Subject: [PATCH 3/9] Import krb5-1.12-buildconf.patch

Build binaries in this package as RELRO PIEs, libraries as partial RELRO,
and install shared libraries with the execute bit set on them.  Prune out
the -L/usr/lib* and PIE flags where they might leak out and affect
apps which just want to link with the libraries. FIXME: needs to check and
not just assume that the compiler supports using these flags.
---
 src/build-tools/krb5-config.in | 7 +++++++
 src/config/pre.in              | 2 +-
 src/config/shlib.conf          | 5 +++--
 3 files changed, 11 insertions(+), 3 deletions(-)

diff --git a/src/build-tools/krb5-config.in b/src/build-tools/krb5-config.in
index f6184da3f..0edf6a1a5 100755
--- a/src/build-tools/krb5-config.in
+++ b/src/build-tools/krb5-config.in
@@ -225,6 +225,13 @@ if test -n "$do_libs"; then
            -e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
            -e 's#\$(CFLAGS)##'`
 
+    if test `dirname $libdir` = /usr ; then
+        lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e 
"s#$RPATH_FLAG$libdir##"`
+    fi
+    lib_flags=`echo $lib_flags | sed -e "s#-fPIE##g" -e "s#-pie##g"`
+    lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,relro##g"`
+    lib_flags=`echo $lib_flags | sed -e "s#-Wl,-z,now##g"`
+
     if test $library = 'kdb'; then
        lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
        library=krb5
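
Review bot: in the added block, the expression `s#-L$libdir##` is an unanchored prefix match, so with libdir set to /usr/lib64 a flag such as `-L/usr/lib64/foo` would be cut down to a stray `/foo`. Match the whole word (require a following space or end of string), and quote the `dirname $libdir` expansion in the added `test` line, which fails with a syntax error when `$libdir` is empty or contains whitespace. The four consecutive sed invocations could also be one sed with several `-e` expressions.
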
diff --git a/src/config/pre.in b/src/config/pre.in
index 38e101d30..c9ae9475e 100644
--- a/src/config/pre.in
+++ b/src/config/pre.in
@@ -184,7 +184,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INSTALL_STRIP)
 INSTALL_SCRIPT=@INSTALL_PROGRAM@
 INSTALL_DATA=@INSTALL_DATA@
 INSTALL_SHLIB=@INSTALL_SHLIB@
-INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755 -o root
+INSTALL_SETUID=$(INSTALL) $(INSTALL_STRIP) -m 4755
 ## This is needed because autoconf will sometimes define @exec_prefix@ to be
 ## ${prefix}.
 prefix=@prefix@
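
Review bot: dropping `-o root` from INSTALL_SETUID while keeping `-m 4755` means an unprivileged `make install` now produces a binary that is setuid to the building user, and the commit message does not mention this change at all. The spec in this commit resets the result with `chmod 0755 %{buildroot}/usr/lib/mit/bin/ksu` and `%defattr(-,root,root)`, so please say in the message that owner and final mode are left to the packaging, for anyone who reuses the patch outside an RPM build.
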
diff --git a/src/config/shlib.conf b/src/config/shlib.conf
index 3e4af6c02..a43736137 100644
--- a/src/config/shlib.conf
+++ b/src/config/shlib.conf
@@ -423,7 +423,7 @@ mips-*-netbsd*)
        # Linux ld doesn't default to stuffing the SONAME field...
        # Use objdump -x to examine the fields of the library
        # UNDEF_CHECK is suppressed by --enable-asan
-       LDCOMBINE='$(CC) -shared -fPIC 
-Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK)'
+       LDCOMBINE='$(CC) -shared -fPIC 
-Wl,-h,$(LIBPREFIX)$(LIBBASE)$(SHLIBSEXT) $(UNDEF_CHECK) -Wl,-z,relro'
        UNDEF_CHECK='-Wl,--no-undefined'
        # $(EXPORT_CHECK) runs export-check.pl when in maintainer mode.
        LDCOMBINE_TAIL='-Wl,--version-script binutils.versions $(EXPORT_CHECK)'
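
Review bot: `-Wl,-z,relro` is appended to LDCOMBINE unconditionally, and the commit message itself carries a FIXME that the flags are assumed rather than checked. A configure-time probe that sets a substituted variable would keep every shared-library link from failing on a toolchain whose linker rejects `-z relro`. Libraries get `relro` without `-z now`, which matches the "partial RELRO" wording in the message; a comment beside LDCOMBINE saying that this is deliberate would help.
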
@@ -435,7 +435,8 @@ mips-*-netbsd*)
        SHLIB_EXPFLAGS='$(SHLIB_RPATH_FLAGS) $(SHLIB_DIRS) $(SHLIB_EXPLIBS)'
        PROFFLAGS=-pg
        PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
-       CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) 
$(LDFLAGS)'
+       CC_LINK_SHARED='$(CC) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CFLAGS) 
-pie -Wl,-z,relro -Wl,-z,now $(LDFLAGS)'
+       INSTALL_SHLIB='${INSTALL} -m755'
        CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
        CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) 
$(LDFLAGS)'
        CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
-- 
2.20.1

++++++ 0004-krb5-1.6.3-gssapi_improve_errormessages.patch ++++++
From 48b7d6a58b6efab9578ef160767aaed86168d046 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Mon, 14 Jan 2019 13:09:05 +0100
Subject: [PATCH 4/9] Import krb5-1.6.3-gssapi_improve_errormessages.dif

---
 src/lib/gssapi/generic/disp_com_err_status.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/gssapi/generic/disp_com_err_status.c 
b/src/lib/gssapi/generic/disp_com_err_status.c
index bc416107e..22612f970 100644
--- a/src/lib/gssapi/generic/disp_com_err_status.c
+++ b/src/lib/gssapi/generic/disp_com_err_status.c
@@ -52,7 +52,7 @@ g_display_com_err_status(OM_uint32 *minor_status, OM_uint32 
status_value,
     status_string->value = NULL;
 
     if (! g_make_string_buffer(((status_value == 0)?no_error:
-                                error_message(status_value)),
+                                error_message((long)status_value)),
                                status_string)) {
         *minor_status = ENOMEM;
         return(GSS_S_FAILURE);
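
Review bot: the commit message has no body, so the reason for `error_message((long)status_value)` is not recorded. A direct cast from the unsigned 32-bit `OM_uint32` to `long` zero-extends where long is 64 bits, which is the same value an implicit conversion to a `long` parameter would produce; if the goal is to pass negative error-table codes through correctly, the value has to go through a signed 32-bit type first. Please state the intent and the platform on which the message was wrong.
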
-- 
2.20.1

++++++ 0005-krb5-1.6.3-ktutil-manpage.patch ++++++
From 08b99cc69debeb8da38854ddd09f62f854f29309 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Mon, 14 Jan 2019 13:14:47 +0100
Subject: [PATCH 5/9] Import krb5-1.6.3-ktutil-manpage.dif

---
 src/man/ktutil.man | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/man/ktutil.man b/src/man/ktutil.man
index 75dee9c56..85a121f5b 100644
--- a/src/man/ktutil.man
+++ b/src/man/ktutil.man
@@ -166,6 +166,18 @@ ktutil:
 .sp
 See kerberos(7) for a description of Kerberos environment
 variables.
+.SH REMARKS
+Changes to the keytab are appended to the keytab file (i.e., the keytab file
+is never overwritten).  To directly modify a keytab, save the changes to a
+temporary file and then overwrite the keytab file of interest.
+.TP
+.nf
+Example:
+ktutil> rkt /etc/krb5.keytab
+(modifications to keytab)
+ktutil> wkt /tmp/krb5.newtab
+ktutil> q
+# mv /tmp/krb5.newtab /etc/krb5.keytab
 .SH SEE ALSO
 .sp
 kadmin(1), kdb5_util(8), kerberos(7)
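
Review bot: the added example writes the new keytab with `wkt /tmp/krb5.newtab` and then moves it over /etc/krb5.keytab from a root prompt, which stages long-term keys under a predictable name in a world-writable directory. Point the example at a path in a directory only root can write, on the same filesystem as the target (for instance next to the keytab), so the final `mv` is a plain rename. The `.nf` opened before "Example:" is also never closed with `.fi` before `.SH SEE ALSO`.
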
-- 
2.20.1

++++++ 0006-krb5-1.12-api.patch ++++++
From a853fd08ebbb8b46b15abb11c8e11c0390f139b1 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Mon, 14 Jan 2019 13:15:50 +0100
Subject: [PATCH 6/9] Import krb5-1.12-api.patch

Reference docs don't define what happens if you call krb5_realm_compare() with
malformed krb5_principal structures.  Define a behavior which keeps it from
crashing if applications don't check ahead of time.
---
 src/lib/krb5/krb/princ_comp.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/lib/krb5/krb/princ_comp.c b/src/lib/krb5/krb/princ_comp.c
index a6936107d..0ed78833b 100644
--- a/src/lib/krb5/krb/princ_comp.c
+++ b/src/lib/krb5/krb/princ_comp.c
@@ -36,6 +36,10 @@ realm_compare_flags(krb5_context context,
     const krb5_data *realm1 = &princ1->realm;
     const krb5_data *realm2 = &princ2->realm;
 
+    if (princ1 == NULL || princ2 == NULL)
+        return FALSE;
+    if (realm1 == NULL || realm2 == NULL)
+        return FALSE;
     if (realm1->length != realm2->length)
         return FALSE;
     if (realm1->length == 0)
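
Review bot: the new `princ1 == NULL || princ2 == NULL` test runs after the initializers `&princ1->realm` and `&princ2->realm` have already used both pointers, so the guard comes too late and a compiler is entitled to drop it. Move the realm1/realm2 assignments below the principal check. The following `realm1 == NULL || realm2 == NULL` test compares the address of a struct member, which cannot be NULL for a valid principal, so it can be removed.
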
@@ -88,6 +92,9 @@ krb5_principal_compare_flags(krb5_context context,
     krb5_principal upn2 = NULL;
     krb5_boolean ret = FALSE;
 
+    if (princ1 == NULL || princ2 == NULL)
+        return FALSE;
+
     if (flags & KRB5_PRINCIPAL_COMPARE_ENTERPRISE) {
         /* Treat UPNs as if they were real principals */
         if (princ1->type == KRB5_NT_ENTERPRISE_PRINCIPAL) {
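
Review bot: with this guard two NULL principals compare as unequal, and that choice is recorded only in the commit message, not next to the code. Add a sentence to the function's doc comment saying that a NULL argument yields FALSE, since the message itself says the reference docs leave the case undefined.
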
-- 
2.20.1

++++++ 0007-krb5-1.12-ksu-path.patch ++++++
From 34330d392e65541c12c92e92d9942e254198ce13 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Mon, 14 Jan 2019 13:16:29 +0100
Subject: [PATCH 7/9] Import krb5-1.12-ksu-path.patch

Set the default PATH to the one set by login.
---
 src/clients/ksu/Makefile.in | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/clients/ksu/Makefile.in b/src/clients/ksu/Makefile.in
index 5755bb58a..9d58f29b5 100644
--- a/src/clients/ksu/Makefile.in
+++ b/src/clients/ksu/Makefile.in
@@ -1,6 +1,6 @@
 mydir=clients$(S)ksu
 BUILDTOP=$(REL)..$(S)..
-DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/bin 
/local/bin"'
+DEFINES = -DGET_TGT_VIA_PASSWD -DPRINC_LOOK_AHEAD -DCMD_PATH='"/usr/local/sbin 
/usr/local/bin /sbin /bin /usr/sbin /usr/bin"'
 
 KSU_LIBS=@KSU_LIBS@
 PAM_LIBS=@PAM_LIBS@
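
Review bot: the new CMD_PATH lists `/usr/local/sbin /usr/local/bin` ahead of `/sbin /bin /usr/sbin /usr/bin`, so if the list is searched in order, a file under /usr/local takes precedence in ksu over the system binary of the same name. The one-line message only says the value matches the PATH set by login; please justify the order or list the system directories first, given that the old value `/bin /local/bin` had no /usr/local entry at all.
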
-- 
2.20.1

++++++ 0008-krb5-1.12-selinux-label.patch ++++++
++++ 1044 lines (skipped)

++++++ 0009-krb5-1.9-debuginfo.patch ++++++
From 24f176ead80418642bc9a6898f122c03dfb223d1 Mon Sep 17 00:00:00 2001
From: Samuel Cabrero <scabr...@suse.de>
Date: Mon, 14 Jan 2019 13:18:16 +0100
Subject: [PATCH 9/9] Import krb5-1.9-debuginfo.patch

We want to keep these y.tab.c files around because the debuginfo points to
them.  It would be more elegant at the end to use symbolic links, but that
could mess up people working in the tree on other things.
---
 src/kadmin/cli/Makefile.in                 | 5 +++++
 src/plugins/kdb/ldap/ldap_util/Makefile.in | 2 +-
 2 files changed, 6 insertions(+), 1 deletion(-)

diff --git a/src/kadmin/cli/Makefile.in b/src/kadmin/cli/Makefile.in
index adfea6e2b..d1327e400 100644
--- a/src/kadmin/cli/Makefile.in
+++ b/src/kadmin/cli/Makefile.in
@@ -37,3 +37,8 @@ clean-unix::
 # CC_LINK is not meant for compilation and this use may break in the future.
 datetest: getdate.c
        $(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c
+
+%.c: %.y
+       $(RM) y.tab.c $@
+       $(YACC.y) $< 
+       $(CP) y.tab.c $@
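
Review bot: the added `%.c: %.y` rule relies on GNU make features (a pattern rule and the built-in `$(YACC.y)` variable), while the getdate.c rule in ldap_util/Makefile.in uses the tree's own `$(YACC)`; use the same variable in both. The rule also writes the fixed name y.tab.c, so two .y files in this directory built under the parallel `make %{?_smp_mflags}` from the spec would overwrite each other's output.
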
diff --git a/src/plugins/kdb/ldap/ldap_util/Makefile.in 
b/src/plugins/kdb/ldap/ldap_util/Makefile.in
index 8669c2436..a22f23c02 100644
--- a/src/plugins/kdb/ldap/ldap_util/Makefile.in
+++ b/src/plugins/kdb/ldap/ldap_util/Makefile.in
@@ -20,7 +20,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KRB5_BASE_DEPLIB) 
$(GETDATE)
 getdate.c: $(GETDATE)
        $(RM) getdate.c y.tab.c
        $(YACC) $(GETDATE)
-       $(MV) y.tab.c getdate.c
+       $(CP) y.tab.c getdate.c
 
 install:
        $(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
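
Review bot: replacing `$(MV) y.tab.c getdate.c` with `$(CP)` leaves y.tab.c behind in the build directory, and no clean rule is touched in this patch. If the existing clean target does not already remove y.tab.c, add it there so `make clean` still returns the tree to its starting state.
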
-- 
2.20.1

++++++ baselibs.conf ++++++
krb5
  obsoletes "heimdal-lib-<targettype>"
  provides  "heimdal-lib-<targettype>"
krb5-devel
++++++ krb5-rpmlintrc ++++++
addFilter("devel-file-in-non-devel-package .*libgssapi_krb5.so")
addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5login.5.gz")
addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5identity.5.gz")
addFilter("files-duplicate .*css")
addFilter("files-duplicate .*img.*png")
addFilter("devel-file-in-non-devel-package .*libkdb_ldap.so")
addFilter("shlib-policy-missing-suffix")
addFilter("non-etc-or-var-file-marked-as-conffile")
++++++ krb5.tmpfiles ++++++
d /var/lib/kerberos             0755    root    root    -
d /var/lib/kerberos/krb5        0755    root    root    -
d /var/lib/kerberos/krb5/user   0755    root    root    -
d /var/lib/kerberos/krb5kdc     0755    root    root    -
C /var/lib/kerberos/krb5kdc/kdc.conf    0600 root root - /usr/share/kerberos/krb5kdc/kdc.conf
C /var/lib/kerberos/krb5kdc/kadm5.acl   0600 root root - /usr/share/kerberos/krb5kdc/kadm5.acl
C /var/lib/kerberos/krb5kdc/kadm5.dict  0600 root root - /usr/share/kerberos/krb5kdc/kadm5.dict
++++++ ksu-pam.d ++++++
#%PAM-1.0
auth     sufficient     pam_rootok.so
auth     include        common-auth
account  sufficient     pam_rootok.so
account  include        common-account
password include        common-password
session  optional       pam_keyinit.so force revoke
session  include        common-session
session  optional       pam_xauth.so
