krb5-1.16.1-1

git-svn-id: http://trac.vinelinux.org/repos/projects/specs@11832 ec354946-7b23-47d6-9f5a-488ba84defc7

k/krb5/krb5-vl.spec

@@ -20,8 +20,8 @@ BuildRequires: socket_wrapper
 Summary: The Kerberos network authentication system
 Summary(ja): Kerberos ネットワーク認証システム
 Name: krb5
-Version: 1.16
-Release: 2%{_dist_release}
+Version: 1.16.1
+Release: 1%{_dist_release}
 
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.11/krb5-1.11.1-signed.tar
@@ -29,7 +29,6 @@ Source0: krb5-%{version}.tar.gz
 # Source1: krb5-%{version}.tar.gz.asc
 Source3: krb5-%{version}-pdfs.tar
 Source1000: krb5-%{version}-man.tar
-Source1001: krb5-%{version}-html.tar
 
 Source2: kpropd.init
 Source4: kadmind.init
@@ -39,9 +38,7 @@ Source10: kdc.conf
 Source11: kadm5.acl
 Source19: krb5kdc.sysconfig
 Source20: kadmin.sysconfig
-# The same source files we "check", generated with "krb5-tex-pdf.sh create"
-# and tarred up.
-Source24: krb5-tex-pdf.sh
+Source21: kprop.sysconfig
 Source29: ksu.pamd
 Source30: kerberos-iv.portreserve
 Source31: kerberos-adm.portreserve
@@ -64,8 +61,59 @@ Patch33: krb5-1.13-dirsrv-accountlock.patch
 Patch34: krb5-1.9-debuginfo.patch
 Patch35: krb5-1.11-run_user_0.patch
 Patch36: krb5-1.11-kpasswdtest.patch
-Patch37: Process-included-directories-in-alphabetical-order.patch
-Patch38: Fix-flaws-in-LDAP-DN-checking.patch
+Patch40: Fix-hex-conversion-of-PKINIT-certid-strings.patch
+Patch41: Exit-with-status-0-from-kadmind.patch
+Patch42: Include-etype-info-in-for-hardware-preauth-hints.patch
+Patch43: Fix-securid_sam2-preauth-for-non-default-salt.patch
+Patch44: Refactor-KDC-krb5_pa_data-utility-functions.patch
+Patch45: Simplify-kdc_preauth.c-systems-table.patch
+Patch46: Add-PKINIT-client-support-for-freshness-token.patch
+Patch47: Add-PKINIT-KDC-support-for-freshness-token.patch
+Patch49: Fix-read-overflow-in-KDC-sort_pa_data.patch
+Patch50: Include-preauth-name-in-trace-output-if-possible.patch
+Patch51: Report-extended-errors-in-kinit-k-t-KDB.patch
+Patch52: Add-libkrb5support-hex-functions-and-tests.patch
+Patch53: Use-libkrb5support-hex-functions-where-appropriate.patch
+Patch54: Add-ASN.1-encoders-and-decoders-for-SPAKE-types.patch
+Patch55: Add-k5_buf_add_vfmt-to-k5buf-interface.patch
+Patch56: Add-vector-support-to-k5_sha256.patch
+Patch57: Move-zap-definition-to-k5-platform.h.patch
+Patch58: Implement-k5_buf_init_dynamic_zap.patch
+Patch59: Use-k5_buf_init_dynamic_zap-where-appropriate.patch
+Patch60: Add-SPAKE-preauth-support.patch
+Patch61: Add-doc-index-entries-for-SPAKE-constants.patch
+Patch62: Fix-SPAKE-memory-leak.patch
+Patch64: Zap-data-when-freeing-krb5_spake_factor.patch
+Patch65: Be-more-careful-asking-for-AS-key-in-SPAKE-client.patch
+Patch68: Restrict-pre-authentication-fallback-cases.patch
+Patch69: Remove-nodes-option-from-make-certs-scripts.patch
+Patch70: Fix-segfault-in-finish_dispatch.patch
+Patch71: Log-when-non-root-ksu-authorization-fails.patch
+Patch72: Add-k5_dir_filenames-to-libkrb5support.patch
+Patch73: Process-profile-includedir-in-sorted-order.patch
+Patch74: Make-docs-build-python3-compatible.patch
+Patch75: Add-flag-to-disable-encrypted-timestamp-on-client.patch
+Patch76: Explicitly-look-for-python2-in-configure.in.patch
+Patch77: Use-SHA-256-instead-of-MD5-for-audit-ticket-IDs.patch
+Patch78: Add-k5test-mark-function.patch
+Patch79: Convert-Python-tests-to-Python-3.patch
+Patch80: Zap-copy-of-secret-in-RC4-string-to-key.patch
+Patch81: Fix-some-broken-tests-for-Python-3.patch
+Patch82: Eliminate-preprocessor-disabled-dead-code.patch
+Patch83: Make-krb5kdc-p-affect-TCP-ports.patch
+Patch84: Remove-outdated-note-in-krb5kdc-man-page.patch
+Patch85: Fix-k5test-prompts-for-Python-3.patch
+Patch86: In-FIPS-mode-add-plaintext-fallback-for-RC4-usages-a.patch
+Patch87: Prefer-TCP-to-UDP-for-password-changes.patch
+Patch88: Correct-kpasswd_server-description-in-krb5.conf-5.patch
+Patch89: Prevent-SIGPIPE-from-socket-writes-on-UNIX-likes.patch
+Patch90: Use-port-sockets.h-macros-in-cc_kcm-sendto_kdc.patch
+Patch91: Bring-back-general-kerberos-man-page.patch
+Patch92: Modernize-kerberos-7.patch
+Patch93: Update-man-pages-to-reference-kerberos-7.patch
+
+# Vine patch(es)
+Patch1000: krb5-1.16.1-fix-openssl-libs.patch
 
 License: MIT
 URL: http://web.mit.edu/kerberos/www/
@@ -85,6 +133,7 @@ BuildRequires: keyutils
 BuildRequires: keyutils-libs-devel
 # BuildRequires: libselinux-devel
 BuildRequires: pam-devel
+BuildRequires: tcl-devel
 
 %if %{WITH_LDAP}
 BuildRequires: openldap-devel
@@ -241,16 +290,12 @@ certificate.
 %autosetup -S git -n %{name}-%{version}
 tar xvf %{SOURCE3}
 tar xvf %{SOURCE1000}
-tar xvf %{SOURCE1001}
 
 ln -s NOTICE LICENSE
 
 # Take the execute bit off of documentation.
 chmod -x doc/ccapi/*.html
 
-# Take the execute bit off of documentation.
-chmod -x doc/ccapi/*.html
-
 # Generate an FDS-compatible LDIF file.
 inldif=src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif
 cat > '60kerberos.ldif' << EOF
@@ -258,8 +303,8 @@ cat > '60kerberos.ldif' << EOF
 dn: cn=schema
 EOF
 egrep -iv '(^$|^dn:|^changetype:|^add:)' $inldif | \
-sed -r 's,^             ,                ,g' | \
-sed -r 's,^     ,        ,g' >> 60kerberos.ldif
+sed -r 's,^		,                ,g' | \
+sed -r 's,^	,        ,g' >> 60kerberos.ldif
 touch -r $inldif 60kerberos.ldif
 
 # Rebuild the configure scripts.
@@ -289,6 +334,7 @@ sed -i -e s,7777,`expr "$PORT" + 0`,g $cfg
 sed -i -e s,7778,`expr "$PORT" + 1`,g $cfg
 
 %build
+source %{_libdir}/tclConfig.sh
 pushd src
 
 # Set this so that configure will have a value even if the current version of
@@ -302,6 +348,7 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 	CC="%{__cc}" \
 	CFLAGS="$CFLAGS" \
 	CPPFLAGS="$CPPFLAGS" \
+	LIBS="-ldl -lz -lpthread" \
 	SS_LIB="-lss" \
 	--with-selinux=no \
 	--enable-shared \
@@ -324,7 +371,9 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 %endif
 %if %{WITH_OPENSSL}
 	--enable-pkinit \
+	--with-crypto-impl=openssl \
 	--with-pkinit-crypto-impl=openssl \
+	--with-tls-impl=openssl \
 %else
 	--disable-pkinit \
 %endif
@@ -333,7 +382,9 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
 %else
         --without-system-verto \
 %endif
-	--with-pam
+	--with-pam \
+	--with-prng-alg=os \
+	|| (cat config.log; exit 1)
 
 # Now build it.
 make %{?_smp_mflags}
@@ -447,7 +498,8 @@ done
 mkdir -p $RPM_BUILD_ROOT/etc/sysconfig
 for sysconfig in \
 	%{SOURCE19}\
-	%{SOURCE20} ; do
+	%{SOURCE20}\
+	%{SOURCE21} ; do
 	install -pm 644 ${sysconfig} \
 	$RPM_BUILD_ROOT/etc/sysconfig/`basename ${sysconfig} .sysconfig`
 done
@@ -641,6 +693,7 @@ exit 0
 /etc/rc.d/init.d/kprop
 %config(noreplace) /etc/sysconfig/krb5kdc
 %config(noreplace) /etc/sysconfig/kadmin
+%config(noreplace) /etc/sysconfig/kprop
 %config(noreplace) /etc/logrotate.d/krb5kdc
 %config(noreplace) /etc/logrotate.d/kadmind
 
@@ -659,6 +712,7 @@ exit 0
 %dir %{_libdir}/krb5/plugins/preauth
 %dir %{_libdir}/krb5/plugins/authdata
 %{_libdir}/krb5/plugins/preauth/otp.so
+%{_libdir}/krb5/plugins/kdb/db2.so
 
 # KDC binaries and configuration.
 %{_mandir}/man5/kadm5.acl.5*
@@ -715,6 +769,7 @@ exit 0
 /%{_mandir}/man5/k5identity.5*
 /%{_mandir}/man5/k5login.5*
 /%{_mandir}/man5/krb5.conf.5*
+/%{_mandir}/man7/kerberos.7*
 /%{_lib}/libgssapi_krb5.so.*
 /%{_lib}/libgssrpc.so.*
 /%{_lib}/libk5crypto.so.*
@@ -727,8 +782,8 @@ exit 0
 %dir %{_libdir}/krb5
 %dir %{_libdir}/krb5/plugins
 %dir %{_libdir}/krb5/plugins/*
-%{_libdir}/krb5/plugins/kdb/db2.so
 %{_libdir}/krb5/plugins/tls/k5tls.so
+%{_libdir}/krb5/plugins/preauth/spake.so
 %dir %{_var}/kerberos
 %dir %{_var}/kerberos/krb5
 %dir %{_var}/kerberos/krb5/user
@@ -800,7 +855,8 @@ exit 0
 %dir %{_libdir}/krb5
 %dir %{_libdir}/krb5/plugins
 %dir %{_libdir}/krb5/plugins/*
-%{_libdir}/krb5/plugins/kdb/db2.so
+%{_libdir}/krb5/plugins/tls/k5tls.so
+%{_libdir}/krb5/plugins/preauth/spake.so
 
 %if %{WITH_OPENSSL}
 %files -n compat32-%{name}-pkinit-openssl
@@ -832,6 +888,9 @@ exit 0
 %endif
 
 %changelog
+* Thu Nov 01 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.16.1-1
+- updated to 1.16.1.
+
 * Wed Feb 28 2018 Tomohiro "Tomo-p" KATO <tomop@teamgedoh.net> 1.16-2
 - fixed /etc/krb5.conf.