krb5-1.16-2

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@11555 ec354946-7b23-47d6-9f5a-488ba84defc7

k/krb5/krb5-vl.spec

@@ -20,14 +20,14 @@ BuildRequires: socket_wrapper
 Summary: The Kerberos network authentication system
 Summary(ja): Kerberos ネットワーク認証システム
 Name: krb5
-Version: 1.14.3
-Release: 1%{_dist_release}
+Version: 1.16
+Release: 2%{_dist_release}
 
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
 Source0: krb5-%{version}.tar.gz
 # Source1: krb5-%{version}.tar.gz.asc
-#Source3: krb5-%{version}-pdfs.tar
+Source3: krb5-%{version}-pdfs.tar
 Source1000: krb5-%{version}-man.tar
 Source1001: krb5-%{version}-html.tar
 
@@ -53,23 +53,19 @@ Source39: krb5-krb5kdc.conf
 # Carry this locally until it's available in a packaged form.
 Source100: noport.c
 
-Patch6: krb5-1.12-ksu-path.patch
-Patch12: krb5-1.12-ktany.patch
-Patch16: krb5-1.12-buildconf.patch
-Patch23: krb5-1.3.1-dns.patch
-Patch39: krb5-1.12-api.patch
-Patch60: krb5-1.12.1-pam.patch
-Patch71: krb5-1.13-dirsrv-accountlock.patch
-Patch86: krb5-1.9-debuginfo.patch
-Patch129: krb5-1.11-run_user_0.patch
-Patch134: krb5-1.11-kpasswdtest.patch
-Patch148: krb5-disable_ofd_locks.patch
-Patch150: krb5-acquire_cred_interposer.patch
-Patch153: krb5-1.14.2-log_file_permissions.patch
-
-Patch164: krb5-1.15-kdc_send_receive_hooks.patch
-Patch165: krb5-1.15-kdc_hooks_test.patch
-
+Patch26: krb5-1.12.1-pam.patch
+Patch27: krb5-1.15.1-selinux-label.patch
+Patch28: krb5-1.12-ksu-path.patch
+Patch29: krb5-1.12-ktany.patch
+Patch30: krb5-1.15-beta1-buildconf.patch
+Patch31: krb5-1.3.1-dns.patch
+Patch32: krb5-1.12-api.patch
+Patch33: krb5-1.13-dirsrv-accountlock.patch
+Patch34: krb5-1.9-debuginfo.patch
+Patch35: krb5-1.11-run_user_0.patch
+Patch36: krb5-1.11-kpasswdtest.patch
+Patch37: Process-included-directories-in-alphabetical-order.patch
+Patch38: Fix-flaws-in-LDAP-DN-checking.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -80,7 +76,7 @@ BuildRequires: autoconf, bison, flex, gawk
 # BuildRequires: libcom_err-devel, libss-devel
 BuildRequires: e2fsprogs-devel
 # BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
-BuildRequires: gzip, ncurses-devel, texinfo, tar
+BuildRequires: gzip, ncurses-devel, texinfo, tar, git
 # BuildRequires: python-sphinx
 # BuildRequires: texlive
 # BuildRequires: texlive-latexrecommended
@@ -242,39 +238,18 @@ certificate.
 # end of compat32 package
 
 %prep
-#setup -q -a 3 -a 1000 -a 1001
-%setup -q -a 1000 -a 1001
-ln -s NOTICE LICENSE
-
-%patch60 -p1 -b .pam
-
-# %patch63 -p1 -b .selinux-label
-
-%patch6  -p1 -b .ksu-path
-%patch12 -p1 -b .ktany
-%patch16 -p1 -b .buildconf %{?_rawbuild}
-%patch23 -p1 -b .dns %{?_rawbuild}
-%patch39 -p1 -b .api
-%patch71 -p1 -b .dirsrv-accountlock %{?_rawbuild}
-%patch86 -p0 -b .debuginfo
-
-# Apply when the hard-wired or configured default location is
-# DIR:/run/user/%%{uid}/krb5cc.
-#%patch129 -p1 -b .run_user_0
+%autosetup -S git -n %{name}-%{version}
+tar xvf %{SOURCE3}
+tar xvf %{SOURCE1000}
+tar xvf %{SOURCE1001}
 
-%patch134 -p1 -b .kpasswdtest
-
-%patch148 -p1 -b .disable_ofd_locks
-
-%patch150 -p1 -b .fix_interposer
-
-%patch153 -p1 -b .log_file_permissions
+ln -s NOTICE LICENSE
 
-%patch164 -p1 -b .kdc_send_receive_hooks
-%patch165 -p1 -b .kdc_hooks_test
+# Take the execute bit off of documentation.
+chmod -x doc/ccapi/*.html
 
 # Take the execute bit off of documentation.
-chmod -x doc/krb5-protocol/*.txt doc/ccapi/*.html
+chmod -x doc/ccapi/*.html
 
 # Generate an FDS-compatible LDIF file.
 inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
@@ -283,13 +258,13 @@ cat > '60kerberos.ldif' << EOF
 dn: cn=schema
 EOF
 egrep -iv '(^$|^dn:|^changetype:|^add:)' $inldif | \
-sed -r 's,^		,                ,g' | \
-sed -r 's,^	,        ,g' >> 60kerberos.ldif
+sed -r 's,^             ,                ,g' | \
+sed -r 's,^     ,        ,g' >> 60kerberos.ldif
 touch -r $inldif 60kerberos.ldif
 
 # Rebuild the configure scripts.
 pushd src
-./util/reconf --verbose
+autoreconf -fiv
 popd
 
 # Mess with some of the default ports that we use for testing, so that multiple
@@ -315,6 +290,7 @@ sed -i -e s,7778,`expr "$PORT" + 1`,g $cfg
 
 %build
 pushd src
+
 # Set this so that configure will have a value even if the current version of
 # autoconf doesn't set one.
 export runstatedir=%{_localstatedir}/run
@@ -326,7 +302,8 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 	CC="%{__cc}" \
 	CFLAGS="$CFLAGS" \
 	CPPFLAGS="$CPPFLAGS" \
-	SS_LIB="-lss -lncurses" \
+	SS_LIB="-lss" \
+	--with-selinux=no \
 	--enable-shared \
 %if %{build_static}
 	--enable-static \
@@ -370,7 +347,7 @@ if test "$configured_kdcrundir" != %{_localstatedir}/run/krb5kdc ; then
 fi
 
 ## Build the docs.
-#make -C src/doc paths.py version.py
+#LANG=C make -C src/doc paths.py version.py
 #cp src/doc/paths.py doc/
 #mkdir -p build-man build-html build-pdf
 #sphinx-build -a -b man   -t pathsubs doc build-man
@@ -421,15 +398,13 @@ install -pm 600 %{SOURCE10} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
 install -pm 600 %{SOURCE11} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/
 
 # Where per-user keytabs live by default.
-mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/kdc/user
+mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5/user
 
 # Default configuration file for everything.
 mkdir -p $RPM_BUILD_ROOT/etc
 install -pm 644 %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
 
 
-
-
 # Default include on this directory
 mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d
 #ln -sv /etc/crypto-policies/back-ends/krb5.config $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies
@@ -442,20 +417,20 @@ mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss
 # hard-coded in g_initialize.c.
 mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss/mech.d
 
+
 # If the default configuration needs to start specifying a default cache
 # location, add it now, then fixup the timestamp so that it looks the same.
 %if 0%{?configure_default_ccache_name}
 export DEFCCNAME="%{configured_default_ccache_name}"
 awk '{print}
-     /^# default_realm/{print " default_ccache_name =", ENVIRON["DEFCCNAME"]}' \
-     %{SOURCE6} > $RPM_BUILD_ROOT/etc/krb5.conf
+	/^# default_realm/{print " default_ccache_name =", ENVIRON["DEFCCNAME"]}' \
+	%{SOURCE6} > $RPM_BUILD_ROOT/etc/krb5.conf
 touch -r %{SOURCE6} $RPM_BUILD_ROOT/etc/krb5.conf
 grep default_ccache_name $RPM_BUILD_ROOT/etc/krb5.conf
 %endif
 
 
 
-
 # Server init scripts (krb5kdc,kadmind,kpropd) and their sysconfig files.
 mkdir -p $RPM_BUILD_ROOT/etc/rc.d/init.d
 for init in \
@@ -490,10 +465,10 @@ done
 # logrotate configuration files
 mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d/
 for logrotate in \
-        %{SOURCE33} \
-        %{SOURCE34} ; do
-        install -pm 644 ${logrotate} \
-        $RPM_BUILD_ROOT/etc/logrotate.d/`basename ${logrotate} .logrotate`
+	%{SOURCE33} \
+	%{SOURCE34} ; do
+	install -pm 644 ${logrotate} \
+	$RPM_BUILD_ROOT/etc/logrotate.d/`basename ${logrotate} .logrotate`
 done
 
 # PAM configuration files.
@@ -517,10 +492,19 @@ make -C src DESTDIR=$RPM_BUILD_ROOT EXAMPLEDIR=%{_docdir}/krb5-libs-%{version}/e
 # list of link flags, and it helps prevent file conflicts on multilib systems.
 sed -r -i -e 's|^libdir=/usr/lib(64)?$|libdir=/usr/lib|g' $RPM_BUILD_ROOT%{_bindir}/krb5-config
 
+# Temporay workaround for krb5-config reading too much from LDFLAGS.
+# Upstream: http://krbdev.mit.edu/rt/Ticket/Display.html?id=8159
+sed -r -i -e "s/-specs=\/.+?\/redhat-hardened-ld//g" $RPM_BUILD_ROOT%{_bindir}/krb5-config
+
+if [[ "$(< $RPM_BUILD_ROOT%{_bindir}/krb5-config )" == *redhat-hardened-ld* ]] ; then
+        printf '# redhat-hardened-ld for krb5-config failed' 1>&2
+        exit 1
+fi
+
 # Install processed man pages.
 for section in 1 5 8 ; do
-        install -m 644 build-man/*.${section} \
-                       $RPM_BUILD_ROOT/%{_mandir}/man${section}/
+	install -m 644 build-man/*.${section} \
+		$RPM_BUILD_ROOT/%{_mandir}/man${section}/
 done
 
 # Move specific libraries from %{_libdir} to /%{_lib}, and fixup the symlinks.
@@ -599,6 +583,14 @@ if [ "$2" -eq "0" ] ; then
 fi
 exit 0
 
+%triggerun libs -- krb5-libs < 1.16-2
+if grep -q '^includedir /etc/krb5.conf.d' /etc/krb5.conf ; then
+	perl -pi \
+		-e 's|^includedir /etc/krb5.conf.d|#includedir /etc/krb5.conf.d|' \
+		/etc/krb5.conf
+fi
+exit 0
+
 %post -n compat32-%{name}-libs -p /sbin/ldconfig
 
 %postun -n compat32-%{name}-libs -p /sbin/ldconfig
@@ -608,7 +600,7 @@ exit 0
 %doc src/config-files/services.append
 %doc src/config-files/krb5.conf
 %doc build-html/*
-#doc build-pdf/user.pdf build-pdf/basic.pdf
+%doc build-pdf/user.pdf build-pdf/basic.pdf
 %attr(0755,root,root) %doc src/config-files/convert-config-files
 
 # Clients of the KDC, including tools you're likely to need if you're running
@@ -641,7 +633,7 @@ exit 0
 %files server
 %defattr(-,root,root,-)
 %docdir %{_mandir}
-#doc build-pdf/admin.pdf build-pdf/build.pdf
+%doc build-pdf/admin.pdf build-pdf/build.pdf
 %doc src/config-files/kdc.conf
 
 /etc/rc.d/init.d/krb5kdc
@@ -738,8 +730,8 @@ exit 0
 %{_libdir}/krb5/plugins/kdb/db2.so
 %{_libdir}/krb5/plugins/tls/k5tls.so
 %dir %{_var}/kerberos
-%dir %{_var}/kerberos/kdc
-%dir %{_var}/kerberos/kdc/user
+%dir %{_var}/kerberos/krb5
+%dir %{_var}/kerberos/krb5/user
 %if ! %{WITH_SYSVERTO}
 %{_libdir}/libverto.so
 %{_libdir}/libverto.so.*
@@ -757,8 +749,7 @@ exit 0
 %files devel
 %defattr(-,root,root,-)
 %docdir %{_mandir}
-%doc doc/krb5-protocol
-#doc build-pdf/appdev.pdf build-pdf/plugindev.pdf
+%doc build-pdf/appdev.pdf build-pdf/plugindev.pdf
 
 %{_includedir}/*
 %{_libdir}/libgssapi_krb5.so
@@ -841,6 +832,12 @@ exit 0
 %endif
 
 %changelog
+* Wed Feb 28 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.16-2
+- fixed /etc/krb5.conf.
+
+* Wed Feb 28 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.16-1
+- updated to 1.16.
+
 * Mon Aug  1 2016 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.14.3-1
 - updated to 1.14.3.