Browse Source

krb5: update to 1.11.1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@7562 ec354946-7b23-47d6-9f5a-488ba84defc7
daisuke 11 years ago
parent
commit
5a25915b87
1 changed files with 85 additions and 136 deletions
  1. 85 136
      k/krb5/krb5-vl.spec

+ 85 - 136
k/krb5/krb5-vl.spec

@@ -4,19 +4,25 @@
 %global WITH_OPENSSL 1
 %global WITH_DIRSRV 1
 
+%global WITH_SYSVERTO 0
+
 # This'll be pulled out at some point.
 %define build_static 0
 
+# Set this so that find-lang.sh will recognize the .po files.
+%global gettext_domain mit-krb5
+
 Summary: The Kerberos network authentication system
 Summary(ja): Kerberos ネットワーク認証システム
 Name: krb5
-Version: 1.8.2
-Release: 7%{_dist_release}
+Version: 1.11.1
+Release: 1%{_dist_release}
 
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.8/krb5-1.8.2-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
 Source0: krb5-%{version}.tar.gz
 # Source1: krb5-%{version}.tar.gz.asc
+
 Source2: kpropd.init
 Source4: kadmind.init
 Source5: krb5kdc.init
@@ -27,46 +33,36 @@ Source19: krb5kdc.sysconfig
 Source20: kadmin.sysconfig
 # The same source files we "check", generated with "krb5-tex-pdf.sh create"
 # and tarred up.
-Source23: krb5-%{version}-pdf.tar.gz
+Source23: krb5-%{version}-pdf.tar.xz
 Source24: krb5-tex-pdf.sh
 Source25: krb5-1.8-manpaths.txt
 Source29: ksu.pamd
 Source30: kerberos-iv.portreserve
 Source31: kerberos-adm.portreserve
 Source32: krb5_prop.portreserve
-
-Patch5: krb5-1.8-ksu-access.patch
-Patch6: krb5-1.8-ksu-path.patch
+Source33: krb5kdc.logrotate
+Source34: kadmind.logrotate
+Source36: kpropd.init
+Source37: kadmind.init
+Source38: krb5kdc.init
+
+Patch5: krb5-1.10-ksu-access.patch
+Patch6: krb5-1.10-ksu-path.patch
 Patch12: krb5-1.7-ktany.patch
-Patch16: krb5-1.7-buildconf.patch
+Patch16: krb5-1.10-buildconf.patch
 Patch23: krb5-1.3.1-dns.patch
-Patch29: krb5-1.8-kprop-mktemp.patch
+Patch29: krb5-1.10-kprop-mktemp.patch
 Patch30: krb5-1.3.4-send-pr-tempfile.patch
 Patch39: krb5-1.8-api.patch
-# Patch53: krb5-1.7-nodeplibs.patch
-Patch56: krb5-1.7-doublelog.patch
-Patch58: krb5-1.8-key_exp.patch
-Patch59: krb5-1.8-kpasswd_tcp.patch
-Patch60: krb5-1.8-pam.patch
-Patch61: krb5-1.8-manpaths.patch
-# Patch63: krb5-1.8-selinux-label.patch
-Patch70: krb5-trunk-kpasswd_tcp2.patch
-Patch71: krb5-1.8-dirsrv-accountlock.patch
-Patch72: krb5-1-8-gss-noexp.patch
-Patch73: krb5-1.8.x-authdata.patch
-Patch74: krb5-trunk-key_usage.patch
+Patch56: krb5-1.10-doublelog.patch
+Patch59: krb5-1.10-kpasswd_tcp.patch
+Patch60: krb5-1.11-pam.patch
+Patch71: krb5-1.11-dirsrv-accountlock.patch
 Patch75: krb5-trunk-signed.patch
-Patch76: krb5-1.8.2-1.8.3-crypto.patch
-Patch77: krb5-1.8-MITKRB5SA-2010-007.patch
-Patch78: krb5-1.8-MITKRB5SA-2011-001.patch
-Patch79: krb5-1.8-MITKRB5SA-2011-002.patch
-Patch80: krb5-1.9-MITKRB5SA-2011-003.patch
-Patch81: krb5-1.8-MITKRB5SA-2011-004.patch
-Patch82: krb5-1.8-MITKRB5-SA-2011-006.patch
-
-Patch83: krb5-1.8-MITKRB5-SA-2012-001.patch
-Patch84: krb5-kadmind-null-password.patch
-
+Patch86: krb5-1.9-debuginfo.patch
+Patch105: krb5-kvno-230379.patch
+Patch113: krb5-1.11-alpha1-init.patch
+Patch114: krb5-lookup_etypes-leak.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -89,6 +85,9 @@ BuildRequires: openldap-devel
 %if %{WITH_OPENSSL}
 BuildRequires: openssl-devel >= 1.0.0
 %endif
+%if %{WITH_SYSVERTO}
+BuildRequires: libverto-devel
+%endif
 
 Vendor: Project Vine
 Distribution: Vine Linux
@@ -105,6 +104,9 @@ Requires: %{name}-libs = %{version}-%{release}
 # Requires: keyutils-libs-devel, libselinux-devel
 Requires: keyutils-libs-devel
 Requires: e2fsprogs-devel
+%if %{WITH_SYSVERTO}
+Requires: libverto-devel
+%endif
 
 %description devel
 Kerberos is a network authentication system. The krb5-devel package
@@ -134,6 +136,11 @@ Requires(postun): initscripts
 Requires: mktemp
 # portreserve is used by init scripts for kadmind, kpropd, and krb5kdc
 Requires: portreserve
+%if %{WITH_SYSVERTO}
+# for run-time, and for parts of the test suite
+BuildRequires: libverto-module-base
+Requires: libverto-module-base
+%endif
 
 %description server
 Kerberos is a network authentication system. The krb5-server package
@@ -231,8 +238,6 @@ ln -s NOTICE LICENSE
 
 %patch60 -p1 -b .pam
 
-%patch61 -p1 -b .manpaths
-
 # %patch63 -p1 -b .selinux-label
 
 %patch5  -p1 -b .ksu-access
@@ -243,67 +248,16 @@ ln -s NOTICE LICENSE
 %patch29 -p1 -b .kprop-mktemp
 %patch30 -p1 -b .send-pr-tempfile
 %patch39 -p1 -b .api
-# %patch53 -p1 -b .nodeplibs
 %patch56 -p1 -b .doublelog
-%patch58 -p1 -b .key_exp
 %patch59 -p1 -b .kpasswd_tcp
-# %patch70 -p0 -b .kpasswd_tcp2
 %patch71 -p1 -b .dirsrv-accountlock
-%patch72 -p0 -b .gss-noexp
-%patch73 -p1 -b .authdata
-%patch74 -p0 -b .key_usage
-%patch75 -p0 -b .signed
-%patch76 -p1 -b .1.8.2-1.8.3-crypto
-%patch77 -p1 -b .2010-007
-%patch78 -p1 -b .2011-001
-%patch79 -p1 -b .2011-002
-%patch80 -p1 -b .2011-003
-%patch81 -p1 -b .2011-004
-%patch82 -p1 -b .2011-006
-
-%patch83 -p0 -b .2012-001
-%patch84 -p1 -b .kadmind-null-password
-
-
-gzip doc/*.ps
-
-sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
-sed -i -e '1c\
-\\documentclass{article}\
-\\usepackage{fixunder}\
-\\usepackage{functions}\
-\\usepackage{fancyheadings}\
-\\usepackage{hyperref}' doc/implement/implement.tex
+%patch86 -p0 -b .debuginfo
+%patch105 -p1 -b .kvno
+%patch113 -p1 -b .init
+%patch114 -p1 -b .lookup_etypes-leak
 
 # Take the execute bit off of documentation.
-chmod -x doc/krb5-protocol/*.txt doc/*.html doc/*/*.html
-
-# Rename the man pages so that they'll get generated correctly.  Uses the
-# "krb5-1.8-manpaths.txt" source file.
-pushd src
-cat %{SOURCE25} | while read manpage ; do
-	mv "$manpage" "$manpage".in
-done
-popd
-
-# Check that the PDFs we built earlier match this source tree, using the
-# "krb5-tex-pdf.sh" source file.
-sh %{SOURCE24} check << EOF
-doc/api       library krb5
-doc/implement implement
-doc/kadm5     adb-unit-test
-doc/kadm5     api-unit-test
-doc/kadm5     api-funcspec
-doc/kadm5     api-server-design
-EOF
-
-# Fix the LDIF file.
-if test %{version} != 1.8.2 ; then
-	# Hopefully this was fixed later.
-	exit 1
-fi
-sed -i s,^attributetype:,attributetypes:,g \
-	src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
+chmod -x doc/krb5-protocol/*.txt
 
 # Generate an FDS-compatible LDIF file.
 inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
@@ -311,7 +265,9 @@ cat > 60kerberos.ldif << EOF
 # This is a variation on kerberos.ldif which 389 Directory Server will like.
 dn: cn=schema
 EOF
-egrep -iv '(^$|^dn:|^changetype:|^add:)' $inldif >> 60kerberos.ldif
+egrep -iv '(^$|^dn:|^changetype:|^add:)' $inldif | \
+sed -r 's,^             ,                ,g' | \
+sed -r 's,^     ,        ,g' >> 60kerberos.ldif
 touch -r $inldif 60kerberos.ldif
 
 # Rebuild the configure scripts.
@@ -330,11 +286,7 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 	CC="%{__cc}" \
 	CFLAGS="$CFLAGS" \
 	CPPFLAGS="$CPPFLAGS" \
-%if 0%{?fedora} >= 7 || 0%{?rhel} >= 6
-	SS_LIB="-lss" \
-%else
 	SS_LIB="-lss -lncurses" \
-%endif
 	--enable-shared \
 %if %{build_static}
 	--enable-static \
@@ -347,42 +299,47 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 	--without-tcl \
 	--enable-dns-for-realm \
 %if %{WITH_LDAP}
-%if %{WITH_DIRSRV}
-	--with-dirsrv \
-%else
 	--with-ldap \
+%if %{WITH_DIRSRV}
+	--with-dirsrv-account-locking \
 %endif
 %endif
 %if %{WITH_OPENSSL}
 	--enable-pkinit \
+        --with-pkinit-crypto-impl=openssl \
 %else
 	--disable-pkinit \
+%endif
+%if %{WITH_SYSVERTO}
+        --with-system-verto \
+%else
+        --without-system-verto \
 %endif
 	--with-pam
-#	--with-selinux
+
 # Now build it.
 make %{?_smp_mflags}
 popd
 
-# Run the test suite.  We can't actually do this in the build system.
+%check
+# Run the test suite. We can't actually run the whole thing in the build system.
+make -C src runenv.py
 : make -C src check TMPDIR=%{_tmppath}
+make -C src/lib check TMPDIR=%{_tmppath}
+make -C src/kdc check TMPDIR=%{_tmppath}
+
 
 %install
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
-# Info docs.
-mkdir -p $RPM_BUILD_ROOT%{_infodir}
-install -m 644 doc/*.info* $RPM_BUILD_ROOT%{_infodir}/
-
-# Unconditionally compress the info pages so that we know the right file name
-# to pass to install-info in %%post.
-gzip $RPM_BUILD_ROOT%{_infodir}/*.info*
-
 # Sample KDC config files (bundled kdc.conf and kadm5.acl).
 mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc
 install -pm 600 %{SOURCE10} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
 install -pm 600 %{SOURCE11} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
 
+# Where per-user keytabs live by default.
+mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/kdc/user
+
 # Default configuration file for everything.
 mkdir -p $RPM_BUILD_ROOT/etc
 install -pm 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
@@ -455,6 +412,8 @@ for library in libgssapi_krb5 libgssrpc libk5crypto libkrb5 libkrb5support ; do
 	popd
 done
 
+%find_lang %{gettext_domain}
+
 %clean
 [ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
 
@@ -473,9 +432,6 @@ done
 /sbin/chkconfig --add krb5kdc
 /sbin/chkconfig --add kadmin
 /sbin/chkconfig --add kprop
-# Install info pages.
-/sbin/install-info %{_infodir}/krb5-admin.info.gz %{_infodir}/dir
-/sbin/install-info %{_infodir}/krb5-install.info.gz %{_infodir}/dir
 exit 0
 
 %preun server
@@ -486,8 +442,6 @@ if [ "$1" -eq "0" ] ; then
 	/sbin/service krb5kdc stop > /dev/null 2>&1 || :
 	/sbin/service kadmin stop > /dev/null 2>&1 || :
 	/sbin/service kprop stop > /dev/null 2>&1 || :
-	/sbin/install-info --delete %{_infodir}/krb5-admin.info.gz %{_infodir}/dir
-	/sbin/install-info --delete %{_infodir}/krb5-install.info.gz %{_infodir}/dir
 fi
 exit 0
 
@@ -507,16 +461,6 @@ if [ "$2" -eq "0" ] ; then
 fi
 exit 0
 
-%post workstation
-/sbin/install-info %{_infodir}/krb5-user.info %{_infodir}/dir
-exit 0
-
-%postun workstation
-if [ "$1" -eq "0" ] ; then
-	/sbin/install-info --delete %{_infodir}/krb5-user.info %{_infodir}/dir
-fi
-exit 0
-
 %post -n compat32-%{name}-libs -p /sbin/ldconfig
 
 %postun -n compat32-%{name}-libs -p /sbin/ldconfig
@@ -527,7 +471,6 @@ exit 0
 %doc doc/{kdestroy,kinit,klist,kpasswd,ksu}.html
 %doc doc/krb5-user.html
 %attr(0755,root,root) %doc src/config-files/convert-config-files
-%{_infodir}/krb5-user.info*
 
 # Clients of the KDC, including tools you're likely to need if you're running
 # app servers other than those built from this source package.
@@ -539,6 +482,8 @@ exit 0
 %{_mandir}/man1/klist.1*
 %{_bindir}/kpasswd
 %{_mandir}/man1/kpasswd.1*
+%{_bindir}/kswitch
+%{_mandir}/man1/kswitch.1*
 
 %{_bindir}/kvno
 %{_mandir}/man1/kvno.1*
@@ -578,9 +523,6 @@ exit 0
 %doc doc/krb5-admin.html
 %doc doc/krb5-install.html
 
-%{_infodir}/krb5-admin.info*
-%{_infodir}/krb5-install.info*
-
 %dir %{_var}/kerberos
 %dir %{_var}/kerberos/krb5kdc
 %config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf
@@ -599,6 +541,7 @@ exit 0
 %{_mandir}/man1/krb5-send-pr.1*
 
 # KDC binaries and configuration.
+%{_mandir}/man5/kadm5.acl.5*
 %{_mandir}/man5/kdc.conf.5*
 %{_sbindir}/kadmin.local
 %{_mandir}/man8/kadmin.local.8*
@@ -639,13 +582,15 @@ exit 0
 %{_sbindir}/kdb5_ldap_util
 %endif
 
-%files libs
+%files libs -f %{gettext_domain}.lang
 %defattr(-,root,root,-)
 %doc README NOTICE LICENSE
 %docdir %{_mandir}
 %verify(not md5 size mtime) %config(noreplace) /etc/krb5.conf
-/%{_mandir}/man1/kerberos.1*
+/%{_mandir}/man5/.k5identity.5*
 /%{_mandir}/man5/.k5login.5*
+/%{_mandir}/man5/k5identity.5*
+/%{_mandir}/man5/k5login.5*
 /%{_mandir}/man5/krb5.conf.5*
 /%{_lib}/libgssapi_krb5.so.*
 /%{_lib}/libgssrpc.so.*
@@ -658,8 +603,14 @@ exit 0
 %dir %{_libdir}/krb5
 %dir %{_libdir}/krb5/plugins
 %dir %{_libdir}/krb5/plugins/*
-%{_libdir}/krb5/plugins/preauth/encrypted_challenge.so
 %{_libdir}/krb5/plugins/kdb/db2.so
+%dir %{_var}/kerberos
+%dir %{_var}/kerberos/kdc
+%dir %{_var}/kerberos/kdc/user
+%if ! %{WITH_SYSVERTO}
+%{_libdir}/libverto.so
+%{_libdir}/libverto.so.*
+%endif
 
 %if %{WITH_OPENSSL}
 %files pkinit-openssl
@@ -673,12 +624,9 @@ exit 0
 %files devel
 %defattr(-,root,root,-)
 %docdir %{_mandir}
-%doc doc/api/*.pdf
+%doc build-pdf/*.pdf
 %doc doc/ccapi
-%doc doc/implement/*.pdf
-%doc doc/kadm5/*.pdf
 %doc doc/kadmin
-%doc doc/kim
 %doc doc/krb5-protocol
 %doc doc/rpc
 %doc doc/threads.txt
@@ -700,7 +648,6 @@ exit 0
 
 %{_bindir}/krb5-config
 %{_bindir}/sclient
-%{_mandir}/man1/krb5-config.1*
 %{_mandir}/man1/sclient.1*
 %{_mandir}/man8/sserver.8*
 %{_sbindir}/sserver
@@ -730,7 +677,6 @@ exit 0
 %dir %{_libdir}/krb5
 %dir %{_libdir}/krb5/plugins
 %dir %{_libdir}/krb5/plugins/*
-%{_libdir}/krb5/plugins/preauth/encrypted_challenge.so
 %{_libdir}/krb5/plugins/kdb/db2.so
 
 %if %{WITH_OPENSSL}
@@ -761,6 +707,9 @@ exit 0
 %endif
 
 %changelog
+* Tue Mar 19 2013 Daisuke SUZUKI <daisuke@linux.or.jp> 1.11.1-1
+- update to 1.11.1
+
 * Thu Sep 20 2012 Satoshi IWAMOTO <satoshi.iwamoto@nifty.ne.jp> 1.8.2-7
 - add patch83 for fix CVE-2012-1015 (MITKRB5-SA-2012-001)
 - add patch84 for fix CVE-2012-1013 (kadmind)