From 0b77dc9b0babfde537f5c8f6e24be4b063f5ddfd Mon Sep 17 00:00:00 2001 
From: cvsdist Date: Thu, 9 Sep 2004 07:16:22 +0000 Subject: [PATCH] auto-import changelog data from krb5-1.3.1-6.src.rpm Thu Sep 25 2003 Nalin Dahyabhai 1.3.1-6 - fix bug in patch to make rlogind start login with a clean environment a la netkit rlogin, spotted and fixed by Scott McClung Tue Sep 23 2003 Nalin Dahyabhai 1.3.1-5 - include profile.d scriptlets in krb5-devel so that krb5-config will be in the path, reported by Kir Kolyshkin Mon Sep 08 2003 Nalin Dahyabhai - add more etypes (arcfour) to the default enctype list in kdc.conf - don't apply previous patch, refused upstream Fri Sep 05 2003 Nalin Dahyabhai 1.3.1-4 - fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials Wed Sep 03 2003 Dan Walsh 1.3.1-3 - Don't check for write access on /etc/krb5.conf if SELinux Tue Aug 26 2003 Nalin Dahyabhai 1.3.1-2 - fixup some int/pointer varargs wackiness Tue Aug 05 2003 Nalin Dahyabhai 1.3.1-1 - rebuild Mon Aug 04 2003 Nalin Dahyabhai 1.3.1-0 - update to 1.3.1 Thu Jul 24 2003 Nalin Dahyabhai 1.3-2 - pull fix for non-compliant encoding of salt field in etype-info2 preauth data from 1.3.1 beta 1, until 1.3.1 is released. 
Mon Jul 21 2003 Nalin Dahyabhai 1.3-1 - update to 1.3 Mon Jul 07 2003 Nalin Dahyabhai 1.2.8-4 - correctly use stdargs Wed Jun 18 2003 Nalin Dahyabhai 1.3-0.beta.4 - test update to 1.3 beta 4 - ditch statglue build option - krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err Wed Jun 04 2003 Elliot Lee - rebuilt Wed May 21 2003 Jeremy Katz 1.2.8-2 - gcc 3.3 doesn't implement varargs.h, include stdarg.h instead Wed Apr 09 2003 Nalin Dahyabhai 1.2.8-1 - update to 1.2.8 --- .cvsignore | 3 +- kdc.conf | 2 +- krb5-1.3-ftp-glob.patch | 281 +++++++++++++++++++ krb5-1.3-ksu-access.patch | 45 ++++ krb5-1.3-large-file.patch | 28 ++ krb5-1.3-manpage-paths.patch | 192 +++++++++++++ krb5-1.3-netkit-rsh.patch | 16 ++ krb5-1.3-rlogind-environ.patch | 49 ++++ krb5-selinux.patch | 13 + krb5.spec | 479 +++++++++++++++++---------------- sources | 3 +- 11 files changed, 878 insertions(+), 233 deletions(-) create mode 100644 krb5-1.3-ftp-glob.patch create mode 100644 krb5-1.3-ksu-access.patch create mode 100644 krb5-1.3-large-file.patch create mode 100644 krb5-1.3-manpage-paths.patch create mode 100644 krb5-1.3-netkit-rsh.patch create mode 100644 krb5-1.3-rlogind-environ.patch create mode 100644 krb5-selinux.patch diff --git a/.cvsignore b/.cvsignore index d798e6e..4e638c1 100644 --- a/.cvsignore +++ b/.cvsignore @@ -1,2 +1 @@ -2003-004-krb4_patchkit.tar.gz -krb5-1.2.7.tar.gz +krb5-1.3.1.tar.gz diff --git a/kdc.conf b/kdc.conf index e55ee00..31563fa 100644 --- a/kdc.conf +++ b/kdc.conf 
@@ -7,5 +7,5 @@ [realms] EXAMPLE.COM = { master_key_type = des-cbc-crc - supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3 des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4 des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal des-cbc-sha1:norealm des-cbc-sha1:onlyrealm + supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3 } diff --git a/krb5-1.3-ftp-glob.patch b/krb5-1.3-ftp-glob.patch new file mode 100644 index 0000000..becaff0 --- /dev/null +++ b/krb5-1.3-ftp-glob.patch 
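Review bot: The context line just above the change still sets `master_key_type = des-cbc-crc`, and the new `supported_enctypes` value keeps single-DES entries (`des-hmac-sha1:normal`, `des-cbc-md5:normal`, and `des-cbc-crc` with three salts), so the database master key and part of every new principal's key set remain 56-bit DES. The list is already reordered to prefer `arcfour-hmac` and `des3-hmac-sha1`, so I would add a comment above the realm block such as `# DES and the :v4/:afs3 salts are kept only for krb4/AFS compatibility; remove them where not needed`. It is also worth considering a triple-DES `master_key_type` for new installs. The new value drops the `norealm` and `onlyrealm` salts that the old line carried for triple DES; if that is intentional, the changelog entry should say so.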
@@ -0,0 +1,281 @@ +--- krb5-1.3/src/appl/gssftp/ftp/cmds.c ++++ krb5-1.3/src/appl/gssftp/ftp/cmds.c +@@ -99,6 +99,65 @@ + static void quote1 (char *, int, char **); + static char *dotrans (char *); + static char *domap (char *); ++static int checkglob(int fd, const char *pattern); ++ ++/* ++ * pipeprotect: protect against "special" local filenames by prepending ++ * "./". Special local filenames are "-" and "|..." AND "/...". ++ */ ++static char *pipeprotect(char *name) ++{ ++ char *nu; ++ if (strcmp(name, "-") && *name!='|' && *name!='/') { ++ return name; ++ } ++ ++ /* We're going to leak this memory. XXX. */ ++ nu = malloc(strlen(name)+3); ++ if (nu==NULL) { ++ perror("malloc"); ++ code = -1; ++ return NULL; ++ } ++ strcpy(nu, "."); ++ if (*name != '/') strcat(nu, "/"); ++ strcat(nu, name); ++ return nu; ++} ++ ++/* ++ * Look for embedded ".." in a pathname and change it to "!!", printing ++ * a warning. ++ */ ++static char *pathprotect(char *name) ++{ ++ int gotdots=0, i, len; ++ ++ /* Convert null terminator to trailing / to catch a trailing ".." */ ++ len = strlen(name)+1; ++ name[len-1] = '/'; ++ ++ /* ++ * State machine loop. gotdots is < 0 if not looking at dots, ++ * 0 if we just saw a / and thus might start getting dots, ++ * and the count of dots seen so far if we have seen some. ++ */ ++ for (i=0; i=0) gotdots++; ++ else if (name[i]=='/' && gotdots<0) gotdots=0; ++ else if (name[i]=='/' && gotdots==2) { ++ printf("Warning: embedded .. in %.*s (changing to !!)\n", ++ len-1, name); ++ name[i-1] = '!'; ++ name[i-2] = '!'; ++ gotdots = 0; ++ } ++ else if (name[i]=='/') gotdots = 0; ++ else gotdots = -1; ++ } ++ name[len-1] = 0; ++ return name; ++} + + /* + * `Another' gets another argument, and stores the new argc and argv. +@@ -844,7 +903,15 @@ + + if (argc == 2) { + argc++; +- argv[2] = argv[1]; ++ /* ++ * Protect the user from accidentally retrieving special ++ * local names. 
++ */ ++ argv[2] = pipeprotect(argv[1]); ++ if (!argv[2]) { ++ code = -1; ++ return 0; ++ } + loc++; + } + if (argc < 2 && !another(&argc, &argv, "remote-file")) +@@ -1016,8 +1083,19 @@ + if (mapflag) { + tp = domap(tp); + } +- recvrequest("RETR", tp, cp, "w", +- tp != cp || !interactive, 1); ++ ++ /* Reject embedded ".." */ ++ tp = pathprotect(tp); ++ ++ /* Prepend ./ to "-" or "!*" or leading "/" */ ++ tp = pipeprotect(tp); ++ if (tp == NULL) { ++ /* hmm... how best to handle this? */ ++ mflag = 0; ++ } else { ++ recvrequest("RETR", tp, cp, "w", ++ tp != cp || !interactive, 1); ++ } + if (!mflag && fromatty) { + ointer = interactive; + interactive = 1; +@@ -1045,8 +1123,8 @@ + static char buf[MAXPATHLEN]; + static FILE *ftemp = NULL; + static char **args; +- int oldverbose, oldhash; +- char *cp, *rmode; ++ int oldverbose, oldhash, badglob = 0; ++ char *cp; + + if (!mflag) { + if (!doglob) { +@@ -1075,23 +1153,46 @@ + return (NULL); + } + #else +- (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1); +- temp[sizeof(temp) - 1] = '\0'; +- (void) mktemp(temp); ++ int oldumask, fd; ++ (void) strcpy(temp, _PATH_TMP); ++ ++ /* libc 5.2.18 creates with mode 0666, which is dumb */ ++ oldumask = umask(077); ++ fd = mkstemp(temp); ++ umask(oldumask); ++ ++ if (fd<0) { ++ printf("Error creating temporary file, oops\n"); ++ return NULL; ++ } + #endif /* !_WIN32 */ + oldverbose = verbose, verbose = 0; + oldhash = hash, hash = 0; + if (doswitch) { + pswitch(!proxy); + } +- for (rmode = "w"; *++argv != NULL; rmode = "a") +- recvrequest ("NLST", temp, *argv, rmode, 0, 0); ++ ++ while (*++argv != NULL) { ++ int dupfd = dup(fd); ++ ++ recvrequest ("NLST", temp, *argv, "a", 0, 0); ++ if (!checkglob(dupfd, *argv)) { ++ badglob = 1; ++ break; ++ } ++ } ++ unlink(temp); ++ + if (doswitch) { + pswitch(!proxy); + } + verbose = oldverbose; hash = oldhash; +- ftemp = fopen(temp, "r"); +- (void) unlink(temp); ++ if (badglob) { ++ printf("Refusing to handle insecure file list\n"); ++ close(fd); 
++ return NULL; ++ } ++ ftemp = fdopen(fd, "r"); + #ifdef _WIN32 + free(temp); + temp = NULL; +@@ -1100,6 +1201,7 @@ + printf("can't find list of remote files, oops\n"); + return (NULL); + } ++ rewind(ftemp); + } + if (fgets(buf, sizeof (buf), ftemp) == NULL) { + (void) fclose(ftemp), ftemp = NULL; +@@ -1110,6 +1212,100 @@ + return (buf); + } + ++/* ++ * Check whether given pattern matches `..' ++ * We assume only a glob pattern starting with a dot will match ++ * dot entries on the server. ++ */ ++static int ++isdotdotglob(const char *pattern) ++{ ++ int havedot = 0; ++ char c; ++ ++ if (*pattern++ != '.') ++ return 0; ++ while ((c = *pattern++) != '\0' && c != '/') { ++ if (c == '*' || c == '?') ++ continue; ++ if (c == '.' && havedot++) ++ return 0; ++ } ++ return 1; ++} ++ ++/* ++ * This function makes sure the list of globbed files returned from ++ * the server doesn't contain anything dangerous such as ++ * /home//.forward, or ../.forward, ++ * or |mail foe@doe = MAXPATHLEN) { ++ printf("Incredible pattern: %s\n", pattern); ++ return 0; ++ } ++ dotdot[nrslash++] = isdotdotglob(sp); ++ } ++ ++ fp = fdopen(fd, "r"); ++ while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) { ++ char *sp; ++ ++ if ((sp = strchr(buffer, '\n')) != 0) { ++ *sp = '\0'; ++ } else { ++ printf("Extremely long filename from server: %s", ++ buffer); ++ okay = 0; ++ break; ++ } ++ if (buffer[0] == '|' ++ || (buffer[0] != '/' && initial) ++ || (buffer[0] == '/' && !initial)) ++ okay = 0; ++ for (sp = buffer, nr = 0; sp; sp = strchr(sp, '/'), nr++) { ++ while (*sp == '/') ++ sp++; ++ if (sp[0] == '.' && !strncmp(sp, "../", 3) ++ && (nr >= nrslash || !dotdot[nr])) ++ okay = 0; ++ } ++ } ++ ++ if (!okay) ++ printf("Filename provided by server " ++ "doesn't match pattern `%s': %s\n", pattern, buffer); ++ ++ fclose(fp); ++ return okay; ++} ++ + static char * + onoff(bool) + int bool; 
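Review bot: Neither `int dupfd = dup(fd);` in the rewritten NLST loop nor `fp = fdopen(fd, "r");` in `checkglob` is checked, so a failed dup() or fdopen() leaves `fp` NULL and the following `fgets(buffer, sizeof(buffer), fp)` and `fclose(fp)` operate on it instead of rejecting the list. The check should fail closed: `if (dupfd < 0) { badglob = 1; break; }` before the `recvrequest` call, and `if (fp == NULL) { close(fd); return 0; }` right after the `fdopen`. Separately, the component test `!strncmp(sp, "../", 3)` only matches `..` followed by a slash, so a listed name that ends in `..` passes `checkglob` and is handled only by the later `pathprotect` call in the mget path; a comment stating that the two checks depend on each other would help the next maintainer. The opening lines of `checkglob` are garbled on this page, so this is based on the part that is visible.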
diff --git a/krb5-1.3-ksu-access.patch b/krb5-1.3-ksu-access.patch
new file mode 100644
index 0000000..59c23c2
--- /dev/null
+++ b/krb5-1.3-ksu-access.patch
@@ -0,0 +1,45 @@
+The idea is to not complain about problems in the default ticket file if we
+couldn't read it, because the client would be able to tell if it's there or
+not. Still needs work, I think.
+--- krb5-1.3/src/clients/ksu/ccache.c
++++ krb5-1.3/src/clients/ksu/ccache.c
+@@ -77,7 +77,7 @@
+ cc_def_name = krb5_cc_get_name(context, cc_def);
+ cc_other_name = krb5_cc_get_name(context, *cc_other);
+
+- if ( ! stat(cc_def_name, &st_temp)){
++ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
+ if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
+ return retval;
+ }
+--- krb5-1.3/src/clients/ksu/heuristic.c
++++ krb5-1.3/src/clients/ksu/heuristic.c
+@@ -412,7 +412,7 @@
+
+ cc_source_name = krb5_cc_get_name(context, cc);
+
+- if ( ! stat(cc_source_name, &st_temp)){
++ if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
+
+ retval = find_ticket(context, cc, client, end_server, &temp_found);
+ if (retval)
+@@ -572,7 +572,7 @@
+ cc_source_name = krb5_cc_get_name(context, cc_source);
+
+
+- if (! stat(cc_source_name, &st_temp)) {
++ if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
+ retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
+ if (retval)
+ return retval;
+--- krb5-1.3/src/clients/ksu/main.c
++++ krb5-1.3/src/clients/ksu/main.c
+@@ -263,7 +263,7 @@
+ if ( strchr(cc_source_tag, ':')){
+ cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
+
+- if( stat( cc_source_tag_tmp, &st_temp)){
++ if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
+ com_err (prog_name, errno,
+ "while looking for credentials file %s",
+ cc_source_tag_tmp);
diff --git a/krb5-1.3-large-file.patch b/krb5-1.3-large-file.patch
new file mode 100644
index 0000000..61ab35b
--- /dev/null
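Review bot: Each of the four rewritten conditions tests the credential cache by path with `access()` and then `stat()`, while the cache itself is read afterwards through `cc_def` / `cc_source`, so the permission check and the use are separate lookups of the same name and the file behind it can change in between; the patch header's own "Still needs work" fits that. If ksu runs with elevated privileges (not visible here), the read should be done with the effective uid temporarily set to the caller's, or the check made on the opened descriptor with `fstat()`, rather than relying on a prior `access()`. The spelling is also inconsistent: ccache.c passes `R_OK` while heuristic.c and main.c pass `F_OK | R_OK`, which is the same value because `F_OK` is 0. In main.c the `errno` handed to `com_err` can now come from either call, which deserves a comment such as `/* errno is from access() or stat(), whichever failed */`.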
+++ b/krb5-1.3-large-file.patch
@@ -0,0 +1,28 @@
+The size might be a long long, so deal with that.
+
+--- krb5-1.3/src/appl/gssftp/ftpd/ftpcmd.y
++++ krb5-1.3/src/appl/gssftp/ftpd/ftpcmd.y
+@@ -1515,12 +1515,12 @@
+ (stbuf.st_mode&S_IFMT) != S_IFREG)
+ reply(550, "%s: not a plain file.", filename);
+ else
+- reply(213, "%lu", (long) stbuf.st_size);
++ reply(213, "%llu", (long long) stbuf.st_size);
+ break;}
+ case TYPE_A: {
+ FILE *fin;
+ register int c;
+- register long count;
++ register long long count;
+ struct stat stbuf;
+ fin = fopen(filename, "r");
+ if (fin == NULL) {
+@@ -1542,7 +1542,7 @@
+ }
+ (void) fclose(fin);
+
+- reply(213, "%ld", count);
++ reply(213, "%lld", count);
+ break;}
+ default:
+ reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
diff --git a/krb5-1.3-manpage-paths.patch b/krb5-1.3-manpage-paths.patch
new file mode 100644
index 0000000..39b54ad
--- /dev/null
+++ b/krb5-1.3-manpage-paths.patch
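Review bot: The first changed line pairs an unsigned conversion with a signed argument, `reply(213, "%llu", (long long) stbuf.st_size);`. `reply` takes a printf-style format, so the specifier and the promoted argument type have to agree; this should read `reply(213, "%lld", (long long) stbuf.st_size);`, matching the `%lld` used for `count` in the second inner hunk. The enclosing SIZE handler starts and ends outside the hunk.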
@@ -0,0 +1,192 @@ +--- krb5-1.3/src/appl/bsd/klogind.M ++++ krb5-1.3/src/appl/bsd/klogind.M +@@ -27,7 +27,7 @@ + the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf + configuration line for \fIklogind\fP might be: + +-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c ++klogin stream tcp nowait root /usr/kerberos/sbin/klogind klogind -e5c + + When a service request is received, the following protocol is initiated: + +--- krb5-1.3/src/appl/bsd/kshd.M ++++ krb5-1.3/src/appl/bsd/kshd.M +@@ -8,7 +8,7 @@ + .SH NAME + kshd \- kerberized remote shell server + .SH SYNOPSIS +-.B /usr/local/sbin/kshd ++.B /usr/kerberos/sbin/kshd + [ + .B \-kr45ec + ] +@@ -30,7 +30,7 @@ + on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf + configuration line for \fIkrshd\fP might be: + +-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c ++kshell stream tcp nowait root /usr/kerberos/sbin/kshd kshd -5c + + When a service request is received, the following protocol is initiated: + +--- krb5-1.3/src/appl/sample/sserver/sserver.M ++++ krb5-1.3/src/appl/sample/sserver/sserver.M +@@ -59,7 +59,7 @@ + using a line in + /etc/inetd.conf that looks like this: + .PP +-sample stream tcp nowait root /usr/local/sbin/sserver sserver ++sample stream tcp nowait root /usr/kerberos/sbin/sserver sserver + .PP + Since \fBsample\fP is normally not a port defined in /etc/services, you will + usually have to add a line to /etc/services which looks like this: +--- krb5-1.3/src/appl/telnet/telnet/telnet.1 ++++ krb5-1.3/src/appl/telnet/telnet/telnet.1 +@@ -8,35 +8,35 @@ + .\" notice, this list of conditions and the following disclaimer. + .\" 2. Redistributions in binary form must reproduce the above copyright + .\" notice, this list of conditions and the following disclaimer in the +-.\" documentation and/or other materials provided with the distribution. +-.\" 3. 
All advertising materials mentioning features or use of this software +-.\" must display the following acknowledgement: +-.\" This product includes software developed by the University of +-.\" California, Berkeley and its contributors. +-.\" 4. Neither the name of the University nor the names of its contributors +-.\" may be used to endorse or promote products derived from this software +-.\" without specific prior written permission. +-.\" +-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +-.\" SUCH DAMAGE. +-.\" +-.\" @(#)telnet.1 8.4 (Berkeley) 2/3/94 +-.\" " +-.TH TELNET 1 +-.SH NAME +-telnet \- user interface to the TELNET protocol +-.SH SYNOPSIS +-.B telnet +-[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP ++ .\" documentation and/or other materials provided with the distribution. ++ .\" 3. All advertising materials mentioning features or use of this software ++ .\" must display the following acknowledgement: ++ .\" This product includes software developed by the University of ++ .\" California, Berkeley and its contributors. ++ .\" 4. 
Neither the name of the University nor the names of its contributors ++ .\" may be used to endorse or promote products derived from this software ++ .\" without specific prior written permission. ++ .\" ++ .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ++ .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE ++ .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ++ .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE ++ .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL ++ .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS ++ .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) ++ .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT ++ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY ++ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF ++ .\" SUCH DAMAGE. 
++ .\" ++ .\" @(#)telnet.1 8.4 (Berkeley) 2/3/94 ++ .\" " ++ .TH TELNET 1 ++ .SH NAME ++ telnet \- user interface to the TELNET protocol ++ .SH SYNOPSIS ++ .B telnet ++ [\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP + \fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP] [\fB\-c\fP] + [\fB\-d\fP] [\fB\-e\fP \fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP + \fIrealm\fP] [\fB\-l\fP \fIuser\fP] [\fB\-n\fP \fItracefile\fP] +--- krb5-1.3/src/appl/telnet/telnetd/telnetd.8 ++++ krb5-1.3/src/appl/telnet/telnetd/telnetd.8 +@@ -37,7 +37,7 @@ + .SM DARPA TELNET + protocol server + .SH SYNOPSIS +-.B /usr/libexec/telnetd ++.B /usr/kerberos/sbin/telnetd + [\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP] + [\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP] + [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP] +--- krb5-1.3/src/config-files/kdc.conf.M ++++ krb5-1.3/src/config-files/kdc.conf.M +@@ -235,7 +235,7 @@ + realm names and the [capaths] section of its krb5.conf file + + .SH FILES +-/usr/local/var/krb5kdc/kdc.conf ++/var/kerberos/krb5kdc/kdc.conf + + .SH SEE ALSO + krb5.conf(5), krb5kdc(8) +--- krb5-1.3/src/kadmin/cli/kadmin.M ++++ krb5-1.3/src/kadmin/cli/kadmin.M +@@ -733,9 +733,9 @@ + .RS + .TP + EXAMPLE: +-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin ++kadmin: ktremove -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin + Entry for principal kadmin/admin with kvno 3 removed +- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab. ++ from keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab. + kadmin: + .RE + .fi +--- krb5-1.3/src/slave/kprop.M ++++ krb5-1.3/src/slave/kprop.M +@@ -39,7 +39,7 @@ + This is done by transmitting the dumped database file to the slave + server over an encrypted, secure channel. The dump file must be created + by kdb5_util, and is normally KPROP_DEFAULT_FILE +-(/usr/local/var/krb5kdc/slave_datatrans). ++(/var/kerberos/krb5kdc/slave_datatrans). 
+ .SH OPTIONS + .TP + \fB\-r\fP \fIrealm\fP +@@ -51,7 +51,7 @@ + \fB\-f\fP \fIfile\fP + specifies the filename where the dumped principal database file is to be + found; by default the dumped database file is KPROP_DEFAULT_FILE +-(normally /usr/local/var/krb5kdc/slave_datatrans). ++(normally /var/kerberos/krb5kdc/slave_datatrans). + .TP + \fB\-P\fP \fIport\fP + specifies the port to use to contact the +--- krb5-1.3/src/slave/kpropd.M ++++ krb5-1.3/src/slave/kpropd.M +@@ -69,7 +69,7 @@ + This is done by adding a line to the inetd.conf file which looks like + this: + +-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd ++kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd + + However, kpropd can also run as a standalone deamon, if the + .B \-S +@@ -87,13 +87,13 @@ + \fB\-f\fP \fIfile\fP + specifies the filename where the dumped principal database file is to be + stored; by default the dumped database file is KPROPD_DEFAULT_FILE +-(normally /usr/local/var/krb5kdc/from_master). ++(normally /var/kerberos/krb5kdc/from_master). + .TP + .B \-p + allows the user to specify the pathname to the + .IR kdb5_util (8) + program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL +-(normally /usr/local/sbin/kdb5_util). ++(normally /usr/kerberos/sbin/kdb5_util). + .TP + .B \-S + turn on standalone mode. Normally, kpropd is invoked out of diff --git a/krb5-1.3-netkit-rsh.patch b/krb5-1.3-netkit-rsh.patch new file mode 100644 index 0000000..6c044d3 --- /dev/null +++ b/krb5-1.3-netkit-rsh.patch @@ -0,0 +1,16 @@ +We ship netkit rsh, which isn't smart enough to deal with the oddball case +where argv[0] is an option flag. + +--- krb5-1.3/src/appl/bsd/krsh.c ++++ krb5-1.3/src/appl/bsd/krsh.c +@@ -616,8 +616,10 @@ + else + host = argv[0]; + ++#ifdef BERKELEY_RSH + if (!strcmp(host, "rsh")) + argv++; ++#endif + + fprintf(stderr,"trying normal rsh (%s)\n", + UCB_RSH); 
diff --git a/krb5-1.3-rlogind-environ.patch b/krb5-1.3-rlogind-environ.patch
new file mode 100644
index 0000000..6705cc1
--- /dev/null
+++ b/krb5-1.3-rlogind-environ.patch
@@ -0,0 +1,49 @@
+Start with only TERM defined in the environment, like NetKit rlogind does.
+--- krb5-1.3/src/appl/bsd/krlogind.c
++++ krb5-1.3/src/appl/bsd/krlogind.c
+@@ -713,6 +713,9 @@
+ #else
+ struct sgttyb b;
+ #endif /* POSIX_TERMIOS */
++ char environ_term[sizeof(term) + 6], environ_ccname[sizeof(environ_term)];
++ char *bare_environ[] = {environ_term, environ_ccname, NULL};
++
+ if ((retval = pty_open_slave(line, &t))) {
+ fatal(f, error_message(retval));
+ exit(1);
+@@ -819,11 +822,15 @@
+ /* use the vendors login, which has -p and -f. Tested on
+ * AIX 4.1.4 and HPUX 10
+ */
++ memset(environ_term, '\0', sizeof(environ_term));
++ memset(environ_ccname, '\0', sizeof(environ_ccname));
++ if (getenv("KRB5CCNAME") != NULL)
++ snprintf(environ_ccname, sizeof(environ_ccname) - 1, "KRB5CCNAME=%s", getenv("KRB5CCNAME"));
+ {
+ char *cp;
+ if ((cp = strchr(term,'/')))
+ *cp = '\0';
+- setenv("TERM",term, 1);
++ snprintf(environ_term, sizeof(environ_term) - 1, "TERM=%s", term);
+ }
+
+ retval = pty_make_sane_hostname((struct sockaddr *) fromp, maxhostlen,
+@@ -832,13 +839,13 @@
+ if (retval)
+ fatalperror(f, "failed make_sane_hostname");
+ if (passwd_req)
+- execl(login_program, "login", "-p", "-h", rhost_sane,
+- lusername, 0);
++ execle(login_program, "login", "-p", "-h", rhost_sane,
++ lusername, 0, bare_environ);
+ else
+- execl(login_program, "login", "-p", "-h", rhost_sane,
+- "-f", lusername, 0);
++ execle(login_program, "login", "-p", "-h", rhost_sane,
++ "-f", lusername, 0, bare_environ);
+ #else /* USE_LOGIN_F */
+- execl(login_program, "login", "-r", rhost_sane, 0);
++ execle(login_program, "login", "-r", rhost_sane, 0, bare_environ);
+ #endif /* USE_LOGIN_F */
+ syslog(LOG_ERR, "failed exec of %s: %s",
+ login_program, error_message(errno));
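Review bot: The environment vector always contains `environ_ccname`, so when KRB5CCNAME is unset login is started with an empty string as an environment entry, and when it is set the value is silently truncated because that buffer is sized from `term`; a cut-off cache name would point login at a different file. The vector should be filled conditionally and each snprintf return checked, stopping on truncation, as sketched below; the size of `environ_ccname` should also be chosen for a path rather than for a terminal name. The setup lines sit under the "use the vendors login" comment, which suggests they are inside the USE_LOGIN_F branch; if so, the `#else` exec passes uninitialised buffers and the setup belongs above the conditional. The argument-list terminator in all three `execle` calls is still a bare `0`, which for a variadic call should be `(char *) NULL`.

```c
    /* … unchanged: the block that cuts term at '/' … */
    {
        int n, nenv = 0;
        const char *ccname = getenv("KRB5CCNAME");

        n = snprintf(environ_term, sizeof(environ_term), "TERM=%s", term);
        if (n < 0 || (size_t) n >= sizeof(environ_term)) {
            fatal(f, "TERM too long");
            exit(1);
        }
        bare_environ[nenv++] = environ_term;
        if (ccname != NULL) {
            n = snprintf(environ_ccname, sizeof(environ_ccname),
                         "KRB5CCNAME=%s", ccname);
            if (n < 0 || (size_t) n >= sizeof(environ_ccname)) {
                fatal(f, "KRB5CCNAME too long");
                exit(1);
            }
            bare_environ[nenv++] = environ_ccname;
        }
        bare_environ[nenv] = NULL;
    }
    /* … unchanged: pty_make_sane_hostname and the passwd_req test … */
        execle(login_program, "login", "-p", "-h", rhost_sane,
               lusername, (char *) NULL, bare_environ);
```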
diff --git a/krb5-selinux.patch b/krb5-selinux.patch new file mode 100644 index 0000000..cd66c37 --- /dev/null +++ b/krb5-selinux.patch @@ -0,0 +1,13 @@ +--- krb5-1.3.1/src/util/profile/prof_file.c.selinux 2003-03-06 13:48:03.000000000 -0500 ++++ krb5-1.3.1/src/util/profile/prof_file.c 2003-09-03 13:42:42.343661059 -0400 +@@ -220,8 +220,10 @@ errcode_t profile_update_file_data(prf_d + } + data->upd_serial++; + data->flags = 0; ++#ifdef NO_SELINUX + if (rw_access(data->filespec)) + data->flags |= PROFILE_FILE_RW; ++#endif + retval = profile_parse_file(f, &data->root); + fclose(f); + if (retval) diff --git a/krb5.spec b/krb5.spec index 987c343..60e6e17 100644 --- a/krb5.spec +++ b/krb5.spec @@ -1,10 +1,13 @@ -%define prefix %{_prefix}/kerberos -%define statglue 0 +%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1} +%define WITH_SELINUX 0 +%endif + +%define krb5prefix %{_prefix}/kerberos Summary: The Kerberos network authentication system. Name: krb5 -Version: 1.2.7 -Release: 14 +Version: 1.3.1 +Release: 6 Source0: krb5-%{version}.tar.gz Source1: krb5-%{version}.tar.gz.asc Source2: kpropd.init 
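Review bot: krb5-selinux.patch carries no description line, unlike the other patches added in this commit, and the guard it introduces, `#ifdef NO_SELINUX`, is not defined by anything visible in the spec. Wherever the patch is applied, the `rw_access(data->filespec)` test is therefore compiled out and `PROFILE_FILE_RW` is never set. A header line in the patch such as `Skip the write-access probe on the profile when building for SELinux; NO_SELINUX is never defined by this package.` would make that intent explicit. profile_update_file_data continues outside the hunk.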
@@ -24,47 +27,38 @@ Source15: klogin.xinetd Source16: kshell.xinetd Source17: krb5-telnet.xinetd Source18: gssftp.xinetd -Source19: statglue.c -Source20: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz -Source21: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.sig -Patch0: krb5-1.1-db.patch -Patch1: krb5-1.1.1-tiocgltc.patch -Patch2: krb5-1.1.1-libpty.patch -Patch3: krb5-1.1.1-fixinfo.patch -Patch4: krb5-1.1.1-manpages.patch -Patch5: krb5-1.1.1-netkitr.patch -Patch6: krb5-1.2-rlogind.patch -Patch7: krb5-1.2-ksu.patch -Patch8: krb5-1.2-ksu.options.patch -Patch9: krb5-1.2-ksu.man.patch -Patch10: krb5-1.2-quiet.patch -Patch11: krb5-1.1.1-brokenrev.patch -Patch12: krb5-1.2-spelling.patch -Patch13: krb5-1.2.1-term.patch -Patch14: krb5-1.2.1-passive.patch -Patch15: krb5-1.2.1-forward.patch -Patch16: krb5-1.2.1-heap.patch -Patch17: krb5-1.2.2-wragg.patch -Patch18: krb5-1.2.2-statglue.patch -Patch20: krb5-1.2.2-by-address.patch -Patch21: http://lite.mit.edu/krb5-1.2.2-ktany.patch -Patch22: krb5-1.2.2-logauth.patch -Patch23: krb5-1.2.2-size.patch -Patch24: krb5-1.2.5-db2-configure.patch -Patch25: krb5-1.2.7-namelength.patch -Patch26: krb5-1.2.7-errno.patch -Patch27: gssftp-patch -Patch28: krb5-1.2.7-princ_size.patch -Patch29: krb5-1.2.7-reject-bad-transited.patch -Patch30: krb5-1.2.7-underrun.patch -Patch31: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt -Patch32: krb5-1.2.7-krb524d-double-free.patch + +Patch0: krb5-1.3-gcc33.patch +Patch1: krb5-1.3-info-dir.patch +Patch2: krb5-1.3-manpage-paths.patch +Patch3: krb5-1.3-netkit-rsh.patch +Patch4: krb5-1.3-rlogind-environ.patch +Patch5: krb5-1.3-ksu-access.patch +Patch6: krb5-1.3-ksu-path.patch +Patch7: krb5-1.1.1-tiocgltc.patch +Patch8: krb5-1.1.1-libpty.patch +Patch9: krb5-1.1.1-brokenrev.patch +Patch10: krb5-1.2.1-term.patch +Patch11: krb5-1.2.1-passive.patch +Patch12: krb5-1.3-ktany.patch +Patch13: krb5-1.3-large-file.patch +Patch14: krb5-1.3-ftp-glob.patch 
+Patch15: krb5-1.3-check.patch +Patch16: krb5-1.3-no-rpath.patch +Patch17: krb5-1.3-pass-by-address.patch +Patch18: krb5-1.2.7-reject-bad-transited.patch +Patch19: krb5-1.2.7-krb524d-double-free.patch +Patch20: krb5-1.3.1-varargs.patch +Patch21: krb5-selinux.patch +Patch22: krb5-1.3.1-32.patch + License: MIT, freely distributable. URL: http://web.mit.edu/kerberos/www/ Group: System Environment/Libraries BuildRoot: %{_tmppath}/%{name}-root Prereq: grep, info, sh-utils, /sbin/install-info -BuildPrereq: bison, e2fsprogs-devel, flex, gzip, libtermcap-devel, rsh, texinfo, tar +BuildPrereq: bison, e2fsprogs-devel >= 1.33, flex +BuildPrereq: gzip, libtermcap-devel, rsh, texinfo, tar %description Kerberos V5 is a trusted-third-party network authentication system, @@ -74,7 +68,7 @@ practice of cleartext passwords. %package devel Summary: Development files needed to compile Kerberos 5 programs. Group: Development/Libraries -Requires: %{name}-libs = %{version}-%{release} +Requires: %{name}-libs = %{version}-%{release}, e2fsprogs-devel %description devel Kerberos is a network authentication system. The krb5-devel package 
@@ -120,6 +114,57 @@ network uses Kerberos, this package should be installed on every workstation. %changelog +* Thu Sep 25 2003 Nalin Dahyabhai 1.3.1-6 +- fix bug in patch to make rlogind start login with a clean environment a la + netkit rlogin, spotted and fixed by Scott McClung + +* Tue Sep 23 2003 Nalin Dahyabhai 1.3.1-5 +- include profile.d scriptlets in krb5-devel so that krb5-config will be in + the path, reported by Kir Kolyshkin + +* Mon Sep 8 2003 Nalin Dahyabhai +- add more etypes (arcfour) to the default enctype list in kdc.conf +- don't apply previous patch, refused upstream + +* Fri Sep 5 2003 Nalin Dahyabhai 1.3.1-4 +- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials + +* Wed Sep 3 2003 Dan Walsh 1.3.1-3 +- Don't check for write access on /etc/krb5.conf if SELinux + +* Tue Aug 26 2003 Nalin Dahyabhai 1.3.1-2 +- fixup some int/pointer varargs wackiness + +* Tue Aug 5 2003 Nalin Dahyabhai 1.3.1-1 +- rebuild + +* Mon Aug 4 2003 Nalin Dahyabhai 1.3.1-0 +- update to 1.3.1 + +* Thu Jul 24 2003 Nalin Dahyabhai 1.3-2 +- pull fix for non-compliant encoding of salt field in etype-info2 preauth + data from 1.3.1 beta 1, until 1.3.1 is released. + +* Mon Jul 21 2003 Nalin Dahyabhai 1.3-1 +- update to 1.3 + +* Mon Jul 7 2003 Nalin Dahyabhai 1.2.8-4 +- correctly use stdargs + +* Wed Jun 18 2003 Nalin Dahyabhai 1.3-0.beta.4 +- test update to 1.3 beta 4 +- ditch statglue build option +- krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err + +* Wed Jun 04 2003 Elliot Lee +- rebuilt + +* Wed May 21 2003 Jeremy Katz 1.2.8-2 +- gcc 3.3 doesn't implement varargs.h, include stdarg.h instead + +* Wed Apr 9 2003 Nalin Dahyabhai 1.2.8-1 +- update to 1.2.8 + * Mon Mar 31 2003 Nalin Dahyabhai 1.2.7-14 - fix double-free of enc_part2 in krb524d 
@@ -564,96 +609,72 @@ workstation. - added --force to makeinfo commands to skip errors during build %prep -%setup -q -a 20 -%patch0 -p0 -b .db -%patch1 -p0 -b .tciogltc -%patch2 -p0 -b .libpty -%patch3 -p0 -b .fixinfo -%patch4 -p0 -b .manpages -%patch5 -p0 -b .netkitr -%patch6 -p1 -b .rlogind -%patch7 -p1 -b .ksu -%patch8 -p1 -b .ksu-options -%patch9 -p1 -b .ksu-man -%patch10 -p1 -b .quiet -%patch11 -p1 -b .brokenrev -%patch12 -p1 -b .spelling -%patch13 -p1 -b .term -%patch14 -p1 -b .passive -%patch15 -p1 -b .forward -%patch16 -p1 -b .heap -%patch17 -p1 -b .wragg -%if %{statglue} -%patch18 -p1 -b .statglue +%setup -q -n %{name}-%{version} +%patch0 -p1 -b .gcc33 +%patch1 -p1 -b .info-dir +%patch2 -p1 -b .manpage-paths +%patch3 -p1 -b .netkit-rsh +%patch4 -p1 -b .rlogind-environ +%patch5 -p1 -b .ksu-access +%patch6 -p1 -b .ksu-path +%patch7 -p0 -b .tciogltc +%patch8 -p0 -b .libpty +%patch9 -p1 -b .brokenrev +%patch10 -p1 -b .term +%patch11 -p1 -b .passive +%patch12 -p1 -b .ktany +%patch13 -p1 -b .large-file +%patch14 -p1 -b .ftp-glob +%patch15 -p1 -b .check +%patch16 -p1 -b .no-rpath +%patch17 -p1 -b .pass-by-address +%patch18 -p1 -b .reject-bad-transited +%patch19 -p1 -b .double-free +%patch20 -p1 -b .varargs +%if %{WITH_SELINUX} +%patch21 -p1 -b .selinux %endif -%patch20 -p0 -b .by-address -%patch21 -p1 -b .ktany -%patch22 -p1 -b .logauth -%patch23 -p1 -b .size -%patch24 -p1 -b .db2-configure -%patch25 -p1 -b .namelength -%patch26 -p1 -b .errno -%patch27 -p1 -b .gssftp-patch -%patch28 -p1 -b .princ_size.patch -%patch29 -p1 -b .reject-bad-transited.patch -%patch30 -p1 -b .underrun -pushd src -patch -sp0 -b -z .2003-004-krb4 < ../2003-004-krb4_patchkit/patch.1.2.7 -popd -pushd src/lib/rpc -%patch31 -p0 -b .2003-003 -popd -%patch32 -p1 -b .double-free +# Removed, per http://mailman.mit.edu/pipermail/krb5-bugs/2003-September/001735.html +# %patch22 -p1 -b .32 cp src/krb524/README README.krb524 - -(cd src/util/db2; autoconf ) -%if %{statglue} -cp 
$RPM_SOURCE_DIR/statglue.c src/util/profile/statglue.c -%endif -find . -type f -name "*.fixinfo" -exec rm -fv "{}" ";" +find . -type f -name "*.info-dir" -exec rm -fv "{}" ";" gzip doc/*.ps %build cd src -libtoolize --copy --force -cp config.{guess,sub} config/ -cp config.{guess,sub} util/autoconf/ - -# Get LFS support on systems that need it which aren't already 64-bit. -%ifarch %{ix86} s390 ppc sparc -DEFINES="-D_FILE_OFFSET_BITS=64" ; export DEFINES -%endif -# Can't use %%configure because we don't use the default mandir. -./configure \ - --with-cc=%{__cc} \ - --with-ccopts="$RPM_OPT_FLAGS $ARCH_OPT_FLAGS $DEFINES -fPIC" \ +INCLUDES=-I%{_includedir}/et +CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $DEFINES $INCLUDES -fPIC`" +%configure \ + CC=%{__cc} \ + CFLAGS="$CFLAGS" \ + CPPFLAGS="$DEFINES $INCLUDES" \ --enable-shared --enable-static \ - --prefix=%{prefix} \ - --infodir=%{_infodir} \ - --libdir=%{prefix}/%{_lib} \ + --bindir=%{krb5prefix}/bin \ + --mandir=%{krb5prefix}/man \ + --sbindir=%{krb5prefix}/sbin \ + --datadir=%{krb5prefix}/share \ --localstatedir=%{_var}/kerberos \ --with-krb4 \ + --with-system-et \ + --with-system-ss \ --with-netlib=-lresolv \ --without-tcl \ - --enable-dns \ - %{_target_platform} -# Now build it. Override the CC_LINK variable to exclude the rpath, and + --enable-dns +# Now build it. Override the RPATH_FLAG and PROG_LIBPATH to drop the rpath, and # override LDCOMBINE to use gcc instead of ld to build shared libraries. -make \ - CC_LINK='$(CC) $(PROG_LIBPATH)' \ +make RPATH_FLAG= PROG_RPATH= \ LDCOMBINE='%{__cc} -shared -Wl,-soname=lib$(LIB)$(SHLIBSEXT) $(CFLAGS)' -# Run the test suite. Won't run in the build system because /dev/pts is -# not available for telnet tests and so on. -# make check TMPDIR=%{_tmppath} +# Run the test suite. +: make RPATH_FLAG= PROG_RPATH= check TMPDIR=%{_tmppath} %install [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT # Shell scripts wrappers for Kerberized rsh and rlogin. 
-mkdir -p $RPM_BUILD_ROOT%{prefix}/bin -install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{prefix}/bin/ +mkdir -p $RPM_BUILD_ROOT%{krb5prefix}/bin +install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{krb5prefix}/bin/ # Info docs. mkdir -p $RPM_BUILD_ROOT%{_infodir} @@ -691,23 +712,19 @@ done make -C src DESTDIR=$RPM_BUILD_ROOT install # Fixup permissions on header files. -find $RPM_BUILD_ROOT/%{prefix}/include -type d | xargs chmod 755 -find $RPM_BUILD_ROOT/%{prefix}/include -type f | xargs chmod 644 +find $RPM_BUILD_ROOT/%{_includedir} -type d | xargs chmod 755 +find $RPM_BUILD_ROOT/%{_includedir} -type f | xargs chmod 644 # Fixup strange shared library permissions. -chmod 755 $RPM_BUILD_ROOT%{prefix}/%{_lib}/*.so* +chmod 755 $RPM_BUILD_ROOT%{_libdir}/*.so* # Munge the krb5-config script to remove rpaths. -sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT%{prefix}/bin/krb5-config +sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT%{krb5prefix}/bin/krb5-config %clean [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT -%post libs -if ! grep -q '^%{prefix}/%{_lib}$' /etc/ld.so.conf ; then - echo %{prefix}/%{_lib} >> /etc/ld.so.conf -fi -/sbin/ldconfig +%post libs -p /sbin/ldconfig %postun libs -p /sbin/ldconfig 
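Review bot: The disabled patch is left as `# %patch22 -p1 -b .32`, and rpm expands macros inside comments, so depending on the rpm version this line can draw a warning or be acted on; writing it as `# %%patch22 -p1 -b .32` keeps it inert. The test-suite line `: make RPATH_FLAG= PROG_RPATH= check TMPDIR=%{_tmppath}` is a shell no-op, yet the comment above it was shortened to "Run the test suite."; either keep the reason it is skipped or say `# Test suite is not run (line is prefixed with ':')`. The comment before `make` names `PROG_LIBPATH` while the command sets `PROG_RPATH=`, so one of the two should be corrected.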
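Review bot: `%post libs` is reduced to `-p /sbin/ldconfig`, which stops appending the old library directory to /etc/ld.so.conf but leaves the entry written by earlier releases in place on upgraded systems. Nothing visible in this hunk removes it, so the loader would keep searching a directory this package no longer installs libraries into. A trigger or `%post` step that drops that one line on upgrade would close this. In the same hunk, `find ... | xargs chmod` misbehaves on paths containing whitespace; `find ... -exec chmod 755 {} +` avoids the pipe.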
@@ -767,72 +784,75 @@ fi
 %config(noreplace) /etc/xinetd.d/*
-%doc doc/user*.html doc/user*.ps.gz src/config-files/services.append
+%doc doc/krb5-user*.html doc/user*.ps.gz src/config-files/services.append
+%doc doc/{ftp,kdestroy,kinit,klist,kpasswd,ksu,rcp,rlogin,rsh,telnet}.html
 %attr(0755,root,root) %doc src/config-files/convert-config-files
 %{_infodir}/krb5-user.info*
-%dir %{prefix}
-%dir %{prefix}/bin
-%dir %{prefix}/man
-%dir %{prefix}/man/man1
-%dir %{prefix}/man/man5
-%dir %{prefix}/man/man8
-%dir %{prefix}/sbin
+%dir %{krb5prefix}
+%dir %{krb5prefix}/bin
+%dir %{krb5prefix}/man
+%dir %{krb5prefix}/man/man1
+%dir %{krb5prefix}/man/man5
+%dir %{krb5prefix}/man/man8
+%dir %{krb5prefix}/sbin
-%{prefix}/bin/ftp
-%{prefix}/man/man1/ftp.1*
-%{prefix}/bin/gss-client
-%{prefix}/bin/kdestroy
-%{prefix}/man/man1/kdestroy.1*
-%{prefix}/man/man1/kerberos.1*
-%{prefix}/bin/kinit
-%{prefix}/man/man1/kinit.1*
-%{prefix}/bin/klist
-%{prefix}/man/man1/klist.1*
-%{prefix}/bin/kpasswd
-%{prefix}/man/man1/kpasswd.1*
-%{prefix}/bin/krb524init
-%{prefix}/sbin/kadmin
-%{prefix}/man/man8/kadmin.8*
-%{prefix}/sbin/ktutil
-%{prefix}/man/man8/ktutil.8*
-%attr(0755,root,root) %{prefix}/bin/ksu
-%{prefix}/man/man1/ksu.1*
-%{prefix}/bin/kvno
-%{prefix}/man/man1/kvno.1*
-%{prefix}/bin/rcp
-%{prefix}/man/man1/rcp.1*
-%{prefix}/bin/krlogin
-%{prefix}/bin/rlogin
-%{prefix}/man/man1/rlogin.1*
-%{prefix}/bin/krsh
-%{prefix}/bin/rsh
-%{prefix}/man/man1/rsh.1*
-%{prefix}/bin/telnet
-%{prefix}/man/man1/telnet.1*
-%{prefix}/man/man1/tmac.doc*
-%attr(0755,root,root) %{prefix}/bin/v4rcp
-%{prefix}/man/man1/v4rcp.1*
-%{prefix}/bin/v5passwd
-%{prefix}/man/man1/v5passwd.1*
-%{prefix}/bin/sim_client
-%{prefix}/bin/uuclient
-%{prefix}/sbin/login.krb5
-%{prefix}/man/man8/login.krb5.8*
-%{prefix}/sbin/ftpd
-%{prefix}/man/man8/ftpd.8*
-%{prefix}/sbin/gss-server
-%{prefix}/sbin/klogind
-%{prefix}/man/man8/klogind.8*
-%{prefix}/sbin/krb5-send-pr
-%{prefix}/man/man1/krb5-send-pr.1*
-%{prefix}/sbin/kshd
-%{prefix}/man/man8/kshd.8*
-%{prefix}/sbin/telnetd
-%{prefix}/man/man8/telnetd.8*
-%{prefix}/sbin/uuserver
-%{prefix}/man/man5/.k5login.5*
-%{prefix}/man/man5/krb5.conf.5*
+%{krb5prefix}/bin/ftp
+%{krb5prefix}/man/man1/ftp.1*
+%{krb5prefix}/bin/gss-client
+%{krb5prefix}/bin/kdestroy
+%{krb5prefix}/man/man1/kdestroy.1*
+%{krb5prefix}/man/man1/kerberos.1*
+%{krb5prefix}/bin/kinit
+%{krb5prefix}/man/man1/kinit.1*
+%{krb5prefix}/bin/klist
+%{krb5prefix}/man/man1/klist.1*
+%{krb5prefix}/bin/kpasswd
+%{krb5prefix}/man/man1/kpasswd.1*
+%{krb5prefix}/bin/krb524init
+%{krb5prefix}/sbin/k5srvutil
+%{krb5prefix}/man/man8/k5srvutil.8*
+%{krb5prefix}/sbin/kadmin
+%{krb5prefix}/man/man8/kadmin.8*
+%{krb5prefix}/sbin/ktutil
+%{krb5prefix}/man/man8/ktutil.8*
+%attr(0755,root,root) %{krb5prefix}/bin/ksu
+%{krb5prefix}/man/man1/ksu.1*
+%{krb5prefix}/bin/kvno
+%{krb5prefix}/man/man1/kvno.1*
+%{krb5prefix}/bin/rcp
+%{krb5prefix}/man/man1/rcp.1*
+%{krb5prefix}/bin/krlogin
+%{krb5prefix}/bin/rlogin
+%{krb5prefix}/man/man1/rlogin.1*
+%{krb5prefix}/bin/krsh
+%{krb5prefix}/bin/rsh
+%{krb5prefix}/man/man1/rsh.1*
+%{krb5prefix}/bin/telnet
+%{krb5prefix}/man/man1/telnet.1*
+%{krb5prefix}/man/man1/tmac.doc*
+%attr(0755,root,root) %{krb5prefix}/bin/v4rcp
+%{krb5prefix}/man/man1/v4rcp.1*
+%{krb5prefix}/bin/v5passwd
+%{krb5prefix}/man/man1/v5passwd.1*
+%{krb5prefix}/bin/sim_client
+%{krb5prefix}/bin/uuclient
+%{krb5prefix}/sbin/login.krb5
+%{krb5prefix}/man/man8/login.krb5.8*
+%{krb5prefix}/sbin/ftpd
+%{krb5prefix}/man/man8/ftpd.8*
+%{krb5prefix}/sbin/gss-server
+%{krb5prefix}/sbin/klogind
+%{krb5prefix}/man/man8/klogind.8*
+%{krb5prefix}/sbin/krb5-send-pr
+%{krb5prefix}/man/man1/krb5-send-pr.1*
+%{krb5prefix}/sbin/kshd
+%{krb5prefix}/man/man8/kshd.8*
+%{krb5prefix}/sbin/telnetd
+%{krb5prefix}/man/man8/telnetd.8*
+%{krb5prefix}/sbin/uuserver
+%{krb5prefix}/man/man5/.k5login.5*
+%{krb5prefix}/man/man5/krb5.conf.5*
 %files server
 %defattr(-,root,root)
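Review bot: The two `%attr(0755,root,root)` entries, on `%{krb5prefix}/bin/ksu` and `%{krb5prefix}/bin/v4rcp`, are the only binaries in this list with a pinned mode, and nothing in the hunk says why. If the intent is to strip a setuid bit that the upstream install step would otherwise leave on them (not visible here, so this is an assumption to confirm), a comment above each entry would stop a later cleanup from dropping the override, for example `# Shipped non-setuid on purpose; keep the explicit %attr.` The rest of the list is a mechanical `%{prefix}` to `%{krb5prefix}` rename.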
@@ -842,9 +862,9 @@ fi
 %config /etc/rc.d/init.d/krb524
 %config /etc/rc.d/init.d/kprop
-%doc doc/admin*.ps.gz doc/admin*.html
+%doc doc/admin*.ps.gz doc/krb5-admin*.html
 %doc doc/krb425*.ps.gz doc/krb425*.html
-%doc doc/install*.ps.gz doc/install*.html
+%doc doc/install*.ps.gz doc/krb5-install*.html
 %doc README.krb524
 %{_infodir}/krb5-admin.info*
@@ -856,47 +876,50 @@ fi
 %config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf
 %config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl
-%dir %{prefix}/bin
-%dir %{prefix}/man
-%dir %{prefix}/man/man1
-%dir %{prefix}/man/man5
-%dir %{prefix}/man/man8
-%dir %{prefix}/sbin
+%dir %{krb5prefix}/bin
+%dir %{krb5prefix}/man
+%dir %{krb5prefix}/man/man1
+%dir %{krb5prefix}/man/man5
+%dir %{krb5prefix}/man/man8
+%dir %{krb5prefix}/sbin
-%{prefix}/man/man5/kdc.conf.5*
-%{prefix}/sbin/kadmin.local
-%{prefix}/man/man8/kadmin.local.8*
-%{prefix}/sbin/kadmind
-%{prefix}/man/man8/kadmind.8*
-%{prefix}/sbin/kadmind4
-%{prefix}/sbin/kdb5_util
-%{prefix}/man/man8/kdb5_util.8*
-%{prefix}/sbin/kprop
-%{prefix}/man/man8/kprop.8*
-%{prefix}/sbin/kpropd
-%{prefix}/man/man8/kpropd.8*
-%{prefix}/sbin/krb524d
-%{prefix}/sbin/krb5kdc
-%{prefix}/man/man8/krb5kdc.8*
-%{prefix}/sbin/sim_server
-%{prefix}/sbin/v5passwdd
+%{krb5prefix}/man/man5/kdc.conf.5*
+%{krb5prefix}/sbin/kadmin.local
+%{krb5prefix}/man/man8/kadmin.local.8*
+%{krb5prefix}/sbin/kadmind
+%{krb5prefix}/man/man8/kadmind.8*
+%{krb5prefix}/sbin/kadmind4
+%{krb5prefix}/sbin/kdb5_util
+%{krb5prefix}/man/man8/kdb5_util.8*
+%{krb5prefix}/sbin/kprop
+%{krb5prefix}/man/man8/kprop.8*
+%{krb5prefix}/sbin/kpropd
+%{krb5prefix}/man/man8/kpropd.8*
+%{krb5prefix}/sbin/krb524d
+%{krb5prefix}/sbin/krb5kdc
+%{krb5prefix}/man/man8/krb5kdc.8*
+%{krb5prefix}/sbin/sim_server
+%{krb5prefix}/sbin/v5passwdd
 # This is here for people who want to test their server, and also
 # included in devel package for similar reasons.
-%{prefix}/bin/sclient
-%{prefix}/man/man1/sclient.1*
-%{prefix}/sbin/sserver
-%{prefix}/man/man8/sserver.8*
+%{krb5prefix}/bin/sclient
+%{krb5prefix}/man/man1/sclient.1*
+%{krb5prefix}/sbin/sserver
+%{krb5prefix}/man/man8/sserver.8*
 %files libs
 %defattr(-,root,root)
 %config /etc/rc.d/init.d/kdcrotate
 %config(noreplace) /etc/krb5.conf
-%dir %{prefix}/%{_lib}
-%{prefix}/%{_lib}/lib*.so.*
-%{prefix}/share
+%{_libdir}/lib*.so.*
+%{krb5prefix}/share
 %files devel
 %defattr(-,root,root)
+
+%config /etc/profile.d/krb5.sh
+%config /etc/profile.d/krb5.csh
+
 %doc doc/api
 %doc doc/implement
 %doc doc/kadm5
@@ -904,19 +927,19 @@ fi
 %doc doc/krb5-protocol
 %doc doc/rpc
-%dir %{prefix}
-%dir %{prefix}/bin
-%dir %{prefix}/man
-%dir %{prefix}/man/man1
-%dir %{prefix}/man/man8
-%dir %{prefix}/sbin
+%dir %{krb5prefix}
+%dir %{krb5prefix}/bin
+%dir %{krb5prefix}/man
+%dir %{krb5prefix}/man/man1
+%dir %{krb5prefix}/man/man8
+%dir %{krb5prefix}/sbin
-%{prefix}/include
-%{prefix}/%{_lib}/lib*.a
-%{prefix}/%{_lib}/lib*.so
+%{_includedir}/*
+%{_libdir}/lib*.a
+%{_libdir}/lib*.so
-%{prefix}/bin/krb5-config
-%{prefix}/bin/sclient
-%{prefix}/man/man1/sclient.1*
-%{prefix}/man/man8/sserver.8*
-%{prefix}/sbin/sserver
+%{krb5prefix}/bin/krb5-config
+%{krb5prefix}/bin/sclient
+%{krb5prefix}/man/man1/sclient.1*
+%{krb5prefix}/man/man8/sserver.8*
+%{krb5prefix}/sbin/sserver
diff --git a/sources b/sources
index 5c11b27..466c178 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-88d770f2de2c1bd842b511f47002a807 2003-004-krb4_patchkit.tar.gz
-854b52face2a8f771caf88166fa269d3 krb5-1.2.7.tar.gz
+73f868cf65bec56d7c718834ca5665fd krb5-1.3.1.tar.gz
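Review bot: `%{_includedir}/*` in the devel file list of the `@@ -904,19 +927,19 @@` hunk claims everything the install step puts under the shared system include directory, whereas the old `%{prefix}/include` was a tree private to this package. With `--with-system-et` and `--with-system-ss` passed to configure earlier in this commit, the build is presumably not meant to install com_err or ss headers, but the glob would package them silently if it did, and the result would conflict with whichever package owns those files. Listing the krb5 headers and header directories explicitly makes that expectation checkable at build time. At minimum, add `# Must not pick up com_err/ss headers; those come from the system packages.` above the glob.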