Projects
openEuler:24.03:SP1:Everything
krb5
_service:tar_scm:krb5.spec
Sign Up
Log In
Username
Password
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File _service:tar_scm:krb5.spec of Package krb5
%global _hardening_ldflags %{nil} %global WITH_DIRSRV 1 Name: krb5 Version: 1.21.2 Release: 11 Summary: The Kerberos network authentication protocol License: MIT URL: http://web.mit.edu/kerberos/www/ Source0: https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz Source1: https://web.mit.edu/kerberos/dist/krb5/1.21/%{name}-%{version}.tar.gz.asc Source2: kprop.service Source3: kadmin.service Source4: krb5kdc.service Source5: krb5.conf Source6: kdc.conf Source7: kadm5.acl Source11: ksu.pamd Source12: krb5kdc.logrotate Source13: kadmind.logrotate Source100: noport.c Patch0: ksu-pam-integration.patch Patch1: SELinux-integration.patch Patch2: Adjust-build-configuration.patch Patch3: netlib-and-dns.patch Patch4: fix-debuginfo-with-y.tab.c.patch Patch5: Remove-3des-support.patch Patch6: Fix-krb5_cccol_have_content-bad-pointer-free.patch Patch7: Do-not-reload-a-modified-profile-data-object.patch Patch8: backport-Fix-unimportant-memory-leaks.patch Patch9: backport-Remove-klist-s-defname-global-variable.patch Patch10: backport-Fix-two-unlikely-memory-leaks.patch Patch11: backport-Allow-modifications-of-empty-profiles.patch Patch12: fix-leak-in-KDC-NDR-encoding.patch Patch13: backport-Fix-more-non-prototype-functions.patch Patch14: backport-Fix-Python-regexp-literals.patch Patch15: backport-Handle-empty-initial-buffer-in-IAKERB-initiator.patch Patch16: backport-CVE-2024-37370-CVE-2024-37371-Fix-vulnerabilities-in-GSS-message-token-handling.patch Patch17: backport-Change-krb5_get_credentials-endtime-behavior.patch Patch18: backport-Fix-memory-leak-in-PAC-checksum-verification.patch Patch19: fix-libkadm5-parameter-leak.patch Patch20: backport-CVE-2024-3596.patch BuildRequires: gettext BuildRequires: gcc make automake autoconf pkgconfig pam-devel libselinux-devel byacc BuildRequires: libcom_err-devel openssl-devel openldap-devel libss-devel libverto-module-base # tests BuildRequires: perl-interpreter dejagnu python3 tcl-devel BuildRequires: net-tools rpcbind hostname iproute libverto-devel BuildRequires: nss_wrapper socket_wrapper keyutils, keyutils-libs-devel BuildRequires: lmdb-devel Obsoletes: libkadm5 < %{version}-%{release} Provides: libkadm5 = %{version}-%{release} %description Kerberos is a network authentication protocol. It is designed to provide strong authentication for client/server applications by using secret-key cryptography. %package server Summary: krb5 server Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: logrotate libverto systemd words crypto-policies Obsoletes: krb5-pkinit < %{version}-%{release} Obsoletes: krb5-server-ldap < %{version}-%{release} Provides: krb5-pkinit = %{version}-%{release} Provides: krb5-server-ldap = %{version}-%{release} Obsoletes: krb5-pkinit-openssl < %{version}-%{release} Provides: krb5-pkinit-openssl = %{version}-%{release} %{?systemd_requires} %description server This package provides krb5 server programs. %package client Summary: krb5 client Requires: %{name}-libs%{?_isa} = %{version}-%{release} Obsoletes: %{name}-workstation < %{version}-%{release} Provides: %{name}-workstation = %{version}-%{release} %description client This package provides krb5 client programs. %package devel Summary: Development files for compiling with krb5 Requires: %{name}-libs%{?_isa} = %{version}-%{release} Requires: e2fsprogs-devel keyutils-libs-devel libselinux-devel libverto-devel Provides: krb5-kdb-version = 7.0 %description devel %{summary}. %package libs Summary: The non-admin shared libraries used by Kerberos 5 Requires: coreutils gawk grep sed keyutils-libs Requires: /etc/crypto-policies/back-ends/krb5.config %description libs This package contains the shared libraries needed by Kerberos 5. %package_help %prep %autosetup -n %{name}-%{version} -p1 pushd src autoreconf -fiv popd %build source %{_libdir}/tclConfig.sh pushd src # Set this so that configure will have a value even if the current version of # autoconf doesn't set one. export runstatedir=%{_localstatedir}/run # Work out the CFLAGS and CPPFLAGS which we intend to use. INCLUDES=-I%{_includedir}/et CFLAGS="`echo $RPM_OPT_FLAGS $DEFINES $INCLUDES -fPIC -fno-strict-aliasing -fstack-protector-all`" CPPFLAGS="`echo $DEFINES $INCLUDES`" %configure \ CC="%{__cc}" \ CFLAGS="$CFLAGS" \ CPPFLAGS="$CPPFLAGS" \ SS_LIB="-lss" \ --enable-shared \ --localstatedir=%{_var}/kerberos \ --disable-rpath \ --without-krb5-config \ --with-system-et \ --with-system-ss \ --with-netlib=-lresolv \ --with-tcl \ --enable-dns-for-realm \ --with-ldap \ %if %{WITH_DIRSRV} --with-dirsrv-account-locking \ %endif --enable-pkinit \ --with-crypto-impl=openssl \ --with-tls-impl=openssl \ --with-system-verto \ --with-pam \ --with-selinux \ --with-prng-alg=os \ --with-lmdb \ || (cat config.log; exit 1) %make_build popd # We need to cut off any access to locally-running nameservers, too. %{__cc} -fPIC -shared -o noport.so -Wall -Wextra %{SOURCE100} %install pushd src %make_install popd mkdir -p $RPM_BUILD_ROOT/etc install -pm 644 %{SOURCE5} $RPM_BUILD_ROOT/etc/krb5.conf mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc install -pm 600 %{SOURCE6} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/ install -pm 600 %{SOURCE7} $RPM_BUILD_ROOT%{_var}/kerberos/krb5kdc/ mkdir -p $RPM_BUILD_ROOT%{_var}/kerberos/krb5/user mkdir -p $RPM_BUILD_ROOT/etc/krb5.conf.d ln -sv /etc/crypto-policies/back-ends/krb5.config $RPM_BUILD_ROOT/etc/krb5.conf.d/crypto-policies mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss mkdir -m 755 -p $RPM_BUILD_ROOT/etc/gss/mech.d mkdir -p $RPM_BUILD_ROOT%{_unitdir} install -pm 644 %{SOURCE2} $RPM_BUILD_ROOT%{_unitdir} install -pm 644 %{SOURCE3} $RPM_BUILD_ROOT%{_unitdir} install -pm 644 %{SOURCE4} $RPM_BUILD_ROOT%{_unitdir} mkdir -p $RPM_BUILD_ROOT/%{_localstatedir}/run/krb5kdc # install logrotate config files for server mkdir -p $RPM_BUILD_ROOT/etc/logrotate.d/ install -pm 644 %{SOURCE12} $RPM_BUILD_ROOT/etc/logrotate.d/`basename %{SOURCE12} .logrotate` install -pm 644 %{SOURCE13} $RPM_BUILD_ROOT/etc/logrotate.d/`basename %{SOURCE13} .logrotate` # PAM configuration files. mkdir -p $RPM_BUILD_ROOT/etc/pam.d/ install -pm 644 %{SOURCE11} $RPM_BUILD_ROOT/etc/pam.d/`basename %{SOURCE11} .pamd` install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/preauth install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/kdb install -d -m 755 $RPM_BUILD_ROOT/%{_libdir}/krb5/plugins/authdata # install ldap data file install -d -m 755 $RPM_BUILD_ROOT/%{_datadir}/kerberos/ldap install -m 644 src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema $RPM_BUILD_ROOT/%{_datadir}/kerberos/ldap/kerberos.schema install -m 644 src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif $RPM_BUILD_ROOT/%{_datadir}/kerberos/ldap/kerberos.ldif rm -vf %{buildroot}/%{_sbindir}/krb5-send-pr rm -vrf %{buildroot}/%{_datadir}/examples rm -vf %{buildroot}/%{_libdir}/krb5/plugins/preauth/test.so find %buildroot -type f \( -name '*.so' -o -name '*.so.*' \) -exec chmod 755 {} + %find_lang mit-krb5 %check make -C src runenv.py make -C src check || : %post server %systemd_post krb5kdc.service kadmin.service kprop.service /bin/systemctl daemon-reload %preun server %systemd_preun krb5kdc.service kadmin.service kprop.service %postun server %systemd_postun_with_restart krb5kdc.service kadmin.service kprop.service %files %doc NOTICE README %{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5srv_mit.so.* %files libs -f mit-krb5.lang %dir /etc/gss %dir /etc/gss/mech.d %dir /etc/krb5.conf.d %config(noreplace) /etc/krb5.conf %config(noreplace) /etc/krb5.conf.d/crypto-policies %{_libdir}/libgssapi_krb5.so.* %{_libdir}/libgssrpc.so.* %{_libdir}/libk5crypto.so.* %{_libdir}/libkdb5.so.* %{_libdir}/libkrad.so.* %{_libdir}/libkrb5.so.* %{_libdir}/libkrb5support.so.* %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/* %{_libdir}/krb5/plugins/preauth/spake.so %{_libdir}/krb5/plugins/tls/k5tls.so %dir %{_var}/kerberos %dir %{_var}/kerberos/krb5 %dir %{_var}/kerberos/krb5/user %files server %{_unitdir}/krb5kdc.service %{_unitdir}/kadmin.service %{_unitdir}/kprop.service %dir %{_localstatedir}/run/krb5kdc %config(noreplace) /etc/logrotate.d/krb5kdc %config(noreplace) /etc/logrotate.d/kadmind %dir %{_var}/kerberos %dir %{_var}/kerberos/krb5kdc %config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf %config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl %dir %{_libdir}/krb5 %dir %{_libdir}/krb5/plugins %dir %{_libdir}/krb5/plugins/kdb %dir %{_libdir}/krb5/plugins/preauth %dir %{_libdir}/krb5/plugins/authdata %{_libdir}/krb5/plugins/preauth/otp.so %{_libdir}/krb5/plugins/preauth/pkinit.so %{_libdir}/krb5/plugins/kdb/db2.so %{_libdir}/krb5/plugins/kdb/kldap.so %{_libdir}/krb5/plugins/kdb/klmdb.so %{_libdir}/libkdb_ldap.so %{_libdir}/libkdb_ldap.so.* %{_sbindir}/kdb5_ldap_util %{_sbindir}/kadmin.local %{_sbindir}/kadmind %{_sbindir}/kdb5_util %{_sbindir}/kprop %{_sbindir}/kpropd %{_sbindir}/kproplog %{_sbindir}/krb5kdc %{_bindir}/sclient %{_sbindir}/sserver %{_datadir}/kerberos/ldap/kerberos.schema %{_datadir}/kerberos/ldap/kerberos.ldif %files client %config(noreplace) /etc/pam.d/ksu %{_bindir}/kdestroy %{_bindir}/kinit %{_bindir}/klist %{_bindir}/kpasswd %{_bindir}/kswitch %{_bindir}/kvno %{_bindir}/kadmin %{_bindir}/k5srvutil %{_bindir}/ktutil %attr(4755,root,root) %{_bindir}/ksu %files devel %{_includedir}/* %{_libdir}/{libgssapi_krb5.so,libgssrpc.so,libk5crypto.so,libkdb5.so,libkrad.so,libkrb5.so,libkrb5support.so} %{_libdir}/pkgconfig/* %{_libdir}/libkadm5clnt.so %{_libdir}/libkadm5clnt_mit.so %{_libdir}/libkadm5srv.so %{_libdir}/libkadm5srv_mit.so %{_bindir}/krb5-config %{_bindir}/sim_client %{_bindir}/gss-client %{_bindir}/uuclient %{_sbindir}/sim_server %{_sbindir}/gss-server %{_sbindir}/uuserver %files help %{_mandir}/man1/* %{_mandir}/man5/* %{_mandir}/man5/{.k5identity.5.*,.k5login.5.*} %{_mandir}/man7/* %{_mandir}/man8/* %changelog * Thu Nov 07 2024 Funda Wang <fundawang@yeah.net> - 1.21.2-11 - fix CVE-2024-3596 * Wed Oct 30 2024 yanshuai <yanshuai@kylinos.cn> - 1.21.2-10 - Fix libkadm5 parameter leak * Sun Oct 27 2024 zhangyaqi <zhangyaqi@kylinos.cn> - 1.21.2-9 - Fix memory leak in PAC checksum verification * Tue Jul 23 2024 zhangxingrong <zhangxingrong@uniontech.cn> - 1.21.2-8 - Change krb5_get_credentials() endtime behavior * Thu Jul 4 2024 xuraoqing <xuraoqing@huawei.com> - 1.21.2-7 - backport patches to fix bugs and CVE-2024-37370 CVE-2024-37371 * Thu Jun 27 2024 yanshuai <yanshuai@kylinos.cn> - 1.21.2-6 - Fix leak in KDC NDR encoding * Tue Jun 18 2024 gengqihu <gengqihu2@h-partners.com> - 1.21.2-5 - backport patches from upstream * Fri Jun 07 2024 yanglongkang <yanglongkang@h-partners.com> - 1.21.2-4 - backport patches from upstream * Thu Jun 06 2024 fuanan <fuanan3@h-partners.com> - 1.21.2-3 - backport patch to fix unimportant memory leaks * Tue Apr 30 2024 yanshuai <yanshuai@kylinos.cn> - 1.21.2-2 - Do not reload a modified profile data object * Tue Jan 2 2024 xuraoqing<xuraoqing@huawei.com> - 1.21.2-1 - update to 1.21.2 * Tue Sep 19 2023 xuraoqing<xuraoqing@huawei.com> - 1.21.1-3 - Fix krb5_cccol_have_content() bad pointer free * Tue Aug 29 2023 wangyunjia <yunjia.wang@huawei.com> - 1.21.1-2 - fix CVE-2023-39975 * Sat Jul 22 2023 wangyunjia <yunjia.wang@huawei.com> - 1.21.1-1 - Update to 1.21.1 * Thu Jun 15 2023 yixiangzhike <yixiangzhike007@163.com> - 1.20.1-2 - Add kerberos.schema and kerberos.ldif for plugin ldap * Wed Feb 1 2023 zhouchenchen123 <zhouchenchen@huawei.com> - 1.20.1-1 - update to 1.20.1 * Tue Mar 8 2022 yixiangzhike <yixiangzhike007@163.com> - 1.19.2-2 - Add ExecStartPost option to krb5kdc.service for solving error message when krb5kdc starting * Fri Dec 24 2021 yixiangzhike <yixiangzhike007@163.com> - 1.19.2-1 - Update to 1.19.2 * Tue Aug 24 2021 gaoyusong <gaoyusong1@huawei.com> - 1.19.1-3 - Fix CVE-2021-37750 * Wed Jul 21 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.19.1-2 - Fix CVE-2021-36222 * Sat Jun 26 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.19.1-1 - Upgrade upstream to 1.19.1 * Wed May 26 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.18.2-3 - Add gettext to BuildRequires * Thu Jan 7 2021 yixiangzhike <zhangxingliang3@huawei.com> - 1.18.2-2 - Fix CVE-2020-28196 * Fri Jun 19 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.18.2-1 - Upgrade upstream to 1.18.2 * Wed Apr 29 2020 steven<steven_ygui@163.com> - 1.18-2 - Fix parameters in kdc.conf of version 1.18 * Fri Apr 24 2020 steven<steven_ygui@163.com> - 1.18-1 - Upgrade upstream to 1.18 * Mon Feb 17 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-9 - add krb5-libs containing some commands and dynamic library * Fri Feb 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-8 - fix several problems of version 1.17 * Tue Jan 14 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-7 - fix the permission problem * Wed Jan 8 2020 openEuler Buildteam <buildteam@openeuler.org> - 1.17-6 - simplify functions * Fri Nov 15 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-5 - delete unused patch * Fri Nov 15 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-4 - change LDFLAGS in building environment to solve build failure of pam_krb5 * Thu Oct 31 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-3 - Add BuildRequires: byacc * Tue Sep 24 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-2 - Adjust requires * Thu Sep 19 2019 openEuler Buildteam <buildteam@openeuler.org> - 1.17-1 - Package init
Locations
Projects
Search
Status Monitor
Help
Open Build Service
OBS Manuals
API Documentation
OBS Portal
Reporting a Bug
Contact
Mailing List
Forums
Chat (IRC)
Twitter
Open Build Service (OBS)
is an
openSUSE project
.
浙ICP备2022010568号-2