rpms/krb5/F-12 krb5-1.7-spnego-deleg.patch, NONE, 1.1 krb5-1.7-buildconf.patch, 1.1, 1.2 krb5-1.7-pam.patch, 1.3, 1.4 krb5-1.7-selinux-label.patch, 1.5, 1.6 krb5.spec, 1.214, 1.215
Nalin Dahyabhai
nalin at fedoraproject.org
Mon Dec 21 19:43:57 UTC 2009
Author: nalin
Update of /cvs/pkgs/rpms/krb5/F-12
In directory cvs1.fedora.phx.redhat.com:/tmp/cvs-serv17333
Modified Files:
krb5-1.7-buildconf.patch krb5-1.7-pam.patch
krb5-1.7-selinux-label.patch krb5.spec
Added Files:
krb5-1.7-spnego-deleg.patch
Log Message:
- resync with development branch:
- refresh patch for #542868 from trunk
- move man pages that live in the -libs subpackage into the regular
%%{_mandir} tree where they'll still be found if that package is the
only one installed (#529319)
- and put it back in
- back that last change out
- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
- make krb5-config suppress CFLAGS output when called with --libs (#544391)
- ksu: move account management checks to before we drop privileges, like
su does (#540769)
- selinux: set the user part of file creation contexts to match the current
context instead of what we looked up
- configure with --enable-dns-for-realm instead of --enable-dns, which isn't
recognized any more
- move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation,
where it's actually needed (#538703)
- add some conditional logic to simplify building on older Fedora releases
- don't forget the README
krb5-1.7-spnego-deleg.patch:
gssapiP_spnego.h | 9 +++++++++
spnego_mech.c | 17 ++++++++++++++++-
2 files changed, 25 insertions(+), 1 deletion(-)
--- NEW FILE krb5-1.7-spnego-deleg.patch ---
Punt a set_cred_option() call down to the mechanism for the first
credential that we have whose mechanism implements a set_cred_option()
method. It's not the complete set of changes from 1.7 to trunk, but
it should be enough to make gss_krb5_copy_ccache() work. RT#6594
Index: src/lib/gssapi/spnego/gssapiP_spnego.h
===================================================================
--- src/lib/gssapi/spnego/gssapiP_spnego.h (revision 23481)
+++ src/lib/gssapi/spnego/gssapiP_spnego.h (revision 23482)
@@ -352,6 +352,15 @@
);
OM_uint32
+spnego_gss_set_cred_option
+(
+ OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value
+);
+
+OM_uint32
spnego_gss_set_sec_context_option
(
OM_uint32 *minor_status,
Index: src/lib/gssapi/spnego/spnego_mech.c
===================================================================
--- src/lib/gssapi/spnego/spnego_mech.c
+++ src/lib/gssapi/spnego/spnego_mech.c (revision 23482)
@@ -250,7 +250,7 @@
spnego_gss_inquire_sec_context_by_oid, /* gss_inquire_sec_context_by_oid */
NULL, /* gss_inquire_cred_by_oid */
spnego_gss_set_sec_context_option, /* gss_set_sec_context_option */
- NULL, /* gssspi_set_cred_option */
+ spnego_gss_set_cred_option, /* gssspi_set_cred_option */
NULL, /* gssspi_mech_invoke */
spnego_gss_wrap_aead,
spnego_gss_unwrap_aead,
@@ -2187,6 +2187,21 @@
}
OM_uint32
+spnego_gss_set_cred_option(
+ OM_uint32 *minor_status,
+ gss_cred_id_t cred_handle,
+ const gss_OID desired_object,
+ const gss_buffer_t value)
+{
+ OM_uint32 ret;
+ ret = gssspi_set_cred_option(minor_status,
+ cred_handle,
+ desired_object,
+ value);
+ return (ret);
+}
+
+OM_uint32
spnego_gss_set_sec_context_option(
OM_uint32 *minor_status,
gss_ctx_id_t *context_handle,
krb5-1.7-buildconf.patch:
config/shlib.conf | 2 ++
krb5-config.in | 7 ++++++-
2 files changed, 8 insertions(+), 1 deletion(-)
Index: krb5-1.7-buildconf.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-12/krb5-1.7-buildconf.patch,v
retrieving revision 1.1
retrieving revision 1.2
diff -u -p -r1.1 -r1.2
--- krb5-1.7-buildconf.patch 4 Jun 2009 19:09:04 -0000 1.1
+++ krb5-1.7-buildconf.patch 21 Dec 2009 19:43:57 -0000 1.2
@@ -1,6 +1,7 @@
-Build binaries in this package as PIEs, install shared libraries with the
-execute bit set on them, and prune out the -L/usr/lib* and PIE flags where they
-might leak out and affect apps which want to link with the libraries.
+Build binaries in this package as PIEs and install shared libraries with the
+execute bit set on them. Prune out the -L/usr/lib*, PIE flags, and CFLAGS
+where they might leak out and affect apps which just want to link with the
+libraries (RT#TBD).
diff -up krb5-1.7/src/config/shlib.conf krb5-1.7/src/config/shlib.conf
--- krb5-1.7/src/config/shlib.conf 2008-12-08 17:33:07.000000000 -0500
@@ -17,9 +18,12 @@ diff -up krb5-1.7/src/config/shlib.conf
diff -up krb5-1.7/src/krb5-config.in krb5-1.7/src/krb5-config.in
--- krb5-1.7/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400
+++ krb5-1.7/src/krb5-config.in 2009-06-04 14:01:28.000000000 -0400
-@@ -189,6 +189,11 @@ if test -n "$do_libs"; then
+@@ -187,8 +187,13 @@ if test -n "$do_libs"; then
+ -e 's#\$(RPATH_FLAG)#'"$RPATH_FLAG"'#' \
+ -e 's#\$(LDFLAGS)#'"$LDFLAGS"'#' \
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
- -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
+- -e 's#\$(CFLAGS)#'"$CFLAGS"'#'`
++ -e 's#\$(CFLAGS)##'`
+ if test `dirname $libdir` = /usr ; then
+ lib_flags=`echo $lib_flags | sed -e "s#-L$libdir##" -e "s#$RPATH_FLAG$libdir##"`
krb5-1.7-pam.patch:
aclocal.m4 | 83 ++++++++
appl/bsd/Makefile.in | 11 -
appl/bsd/configure.in | 1
appl/bsd/krshd.c | 64 +++++-
appl/bsd/login.c | 61 ++++++
appl/bsd/pam.c | 433 +++++++++++++++++++++++++++++++++++++++++++
appl/bsd/pam.h | 65 ++++++
appl/gssftp/configure.in | 1
appl/gssftp/ftpd/Makefile.in | 8
appl/gssftp/ftpd/ftpd.c | 72 ++++++-
clients/ksu/Makefile.in | 7
clients/ksu/main.c | 75 +++++++
config/pre.in | 1
configure.in | 2
14 files changed, 862 insertions(+), 22 deletions(-)
Index: krb5-1.7-pam.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-12/krb5-1.7-pam.patch,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -p -r1.3 -r1.4
--- krb5-1.7-pam.patch 26 Jun 2009 22:08:03 -0000 1.3
+++ krb5-1.7-pam.patch 21 Dec 2009 19:43:57 -0000 1.4
@@ -1092,45 +1092,61 @@ diff -up krb5-1.7/src/clients/ksu/main.c
#include "ksu.h"
#include "adm_proto.h"
#include <sys/types.h>
-@@ -32,6 +33,11 @@
+@@ -32,6 +33,10 @@
#include <signal.h>
#include <grp.h>
+#ifdef USE_PAM
+#include "../../appl/bsd/pam.h"
-+int force_fork = 0;
+#endif
+
/* globals */
char * prog_name;
int auth_debug =0;
-@@ -791,7 +797,24 @@ main (argc, argv)
- fprintf(stderr, "program to be execed %s\n",params[0]);
- }
-
-- if( keep_target_cache ) {
+@@ -39,6 +44,7 @@
+ char k5users_path[MAXPATHLEN];
+ char * gb_err = NULL;
+ int quiet = 0;
++int force_fork = 0;
+ /***********/
+
+ #define _DEF_CSH "/bin/csh"
+@@ -585,6 +591,25 @@
+ prog_name,target_user,client_name,
+ source_user,ontty());
+
+#ifdef USE_PAM
-+ if (appl_pam_enabled(ksu_context, "ksu")) {
-+ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL,
-+ NULL, source_user, ttyname(STDERR_FILENO)) != 0) {
-+ fprintf(stderr, "Access denied for %s.\n", target_user);
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
-+ if (appl_pam_requires_chauthtok()) {
-+ fprintf(stderr, "Password change required for %s.\n", target_user);
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
++ if (appl_pam_enabled(ksu_context, "ksu")) {
++ if (appl_pam_acct_mgmt(KSU_PAM_SERVICE, 1, target_user, NULL,
++ NULL, source_user,
++ ttyname(STDERR_FILENO)) != 0) {
++ fprintf(stderr, "Access denied for %s.\n", target_user);
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ if (appl_pam_requires_chauthtok()) {
++ fprintf(stderr, "Password change required for %s.\n",
++ target_user);
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ force_fork++;
+ }
-+ force_fork++;
-+ }
+#endif
+
+ /* Run authorization as target.*/
+ if (krb5_seteuid(target_uid)) {
+ com_err(prog_name, errno, "while switching to target for authorization check");
+@@ -791,7 +816,7 @@
+ fprintf(stderr, "program to be execed %s\n",params[0]);
+ }
+
+- if( keep_target_cache ) {
+ if( keep_target_cache && !force_fork ) {
execv(params[0], params);
com_err(prog_name, errno, "while trying to execv %s",
params[0]);
-@@ -799,6 +822,33 @@ main (argc, argv)
+@@ -799,6 +824,33 @@
exit(1);
}else{
statusp = 1;
@@ -1164,7 +1180,7 @@ diff -up krb5-1.7/src/clients/ksu/main.c
switch ((child_pid = fork())) {
default:
if (auth_debug){
-@@ -822,15 +872,34 @@ main (argc, argv)
+@@ -822,15 +874,34 @@
if (ret_pid == -1) {
com_err(prog_name, errno, "while calling waitpid");
}
krb5-1.7-selinux-label.patch:
aclocal.m4 | 51 +++
appl/bsd/configure.in | 1
appl/gssftp/configure.in | 1
appl/telnet/configure.in | 1
config/pre.in | 3
configure.in | 2
include/autoconf.h.in | 13
include/k5-int.h | 1
include/k5-label.h | 27 +
include/krb5/krb5.hin | 6
kadmin/dbutil/dump.c | 2
krb5-config.in | 3
lib/kadm5/logger.c | 4
lib/krb5/keytab/kt_file.c | 4
plugins/kdb/db2/adb_openclose.c | 2
plugins/kdb/db2/kdb_db2.c | 4
plugins/kdb/db2/libdb2/btree/bt_open.c | 3
plugins/kdb/db2/libdb2/hash/hash.c | 3
plugins/kdb/db2/libdb2/recno/rec_open.c | 3
plugins/kdb/db2/libdb2/test/Makefile.in | 3
plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c | 12
slave/kpropd.c | 2
util/profile/prof_file.c | 3
util/support/Makefile.in | 3
util/support/selinux.c | 346 ++++++++++++++++++++++++
25 files changed, 480 insertions(+), 23 deletions(-)
Index: krb5-1.7-selinux-label.patch
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-12/krb5-1.7-selinux-label.patch,v
retrieving revision 1.5
retrieving revision 1.6
diff -u -p -r1.5 -r1.6
--- krb5-1.7-selinux-label.patch 6 Jul 2009 22:56:11 -0000 1.5
+++ krb5-1.7-selinux-label.patch 21 Dec 2009 19:43:57 -0000 1.6
@@ -42,7 +42,7 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.
KRB5_LIB_PARAMS
KRB5_AC_INITFINI
KRB5_AC_ENABLE_THREADS
-@@ -1876,3 +1877,51 @@ AC_SUBST(PAM_LIBS)
+@@ -1876,3 +1877,53 @@ AC_SUBST(PAM_LIBS)
AC_SUBST(manlibexecdir)
AC_CONFIG_FILES($1)
])
@@ -56,7 +56,7 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.
+if test "$withselinux" != no ; then
+ AC_MSG_RESULT([checking for libselinux...])
+ SELINUX_LIBS=
-+ AC_CHECK_HEADERS(selinux/selinux.h)
++ AC_CHECK_HEADERS(selinux/selinux.h selinux/label.h)
+ if test "x$ac_cv_header_selinux_selinux_h" != xyes ; then
+ if test "$withselinux" = auto ; then
+ AC_MSG_RESULT([Unable to locate selinux/selinux.h.])
@@ -68,11 +68,13 @@ diff -up krb5-1.7/src/aclocal.m4 krb5-1.
+
+ LIBS=
+ unset ac_cv_func_setfscreatecon
-+ AC_CHECK_FUNCS(setfscreatecon)
++ AC_CHECK_FUNCS(setfscreatecon selabel_open)
+ if test "x$ac_cv_func_setfscreatecon" = xno ; then
+ AC_CHECK_LIB(selinux,setfscreatecon)
++ AC_CHECK_LIB(selinux,selabel_open)
+ unset ac_cv_func_setfscreatecon
-+ AC_CHECK_FUNCS(setfscreatecon)
++ unset ac_cv_func_selabel_open
++ AC_CHECK_FUNCS(setfscreatecon selabel_open)
+ if test "x$ac_cv_func_setfscreatecon" = xyes ; then
+ SELINUX_LIBS="$LIBS"
+ else
@@ -162,17 +164,20 @@ diff -up krb5-1.7/src/configure.in krb5-
diff -up krb5-1.7/src/include/autoconf.h.in krb5-1.7/src/include/autoconf.h.in
--- krb5-1.7/src/include/autoconf.h.in 2009-06-01 20:58:35.000000000 -0400
+++ krb5-1.7/src/include/autoconf.h.in 2009-06-04 13:47:20.000000000 -0400
-@@ -389,6 +389,9 @@
+@@ -389,6 +389,12 @@
/* Define to 1 if you have the `sched_yield' function. */
#undef HAVE_SCHED_YIELD
++/* Define to 1 if you have the <selinux/label.h> header file. */
++#undef HAVE_SELINUX_LABEL_H
++
+/* Define to 1 if you have the <selinux/selinux.h> header file. */
+#undef HAVE_SELINUX_SELINUX_H
+
/* Define to 1 if you have the <semaphore.h> header file. */
#undef HAVE_SEMAPHORE_H
-@@ -401,6 +404,9 @@
+@@ -401,6 +407,9 @@
/* Define to 1 if you have the `setegid' function. */
#undef HAVE_SETEGID
@@ -182,7 +187,7 @@ diff -up krb5-1.7/src/include/autoconf.h
/* Define to 1 if you have the `setenv' function. */
#undef HAVE_SETENV
-@@ -768,6 +774,10 @@
+@@ -768,6 +777,10 @@
/* Define if the KDC should use a replay cache */
#undef USE_RCACHE
@@ -536,7 +541,7 @@ diff -up krb5-1.7/src/util/support/Makef
diff -up /dev/null krb5-1.7/src/util/support/selinux.c
--- /dev/null 2009-06-04 10:34:55.169007373 -0400
+++ krb5-1.7/src/util/support/selinux.c 2009-06-04 13:47:20.000000000 -0400
-@@ -0,0 +1,300 @@
+@@ -0,0 +1,346 @@
+/*
+ * Copyright 2007,2008,2009 Red Hat, Inc. All Rights Reserved.
+ *
@@ -588,7 +593,10 @@ diff -up /dev/null krb5-1.7/src/util/sup
+#include <string.h>
+#include <unistd.h>
+#include <selinux/selinux.h>
++#include <selinux/context.h>
++#ifdef HAVE_SELINUX_LABEL_H
+#include <selinux/label.h>
++#endif
+
+/* #define DEBUG 1 */
+
@@ -606,9 +614,12 @@ diff -up /dev/null krb5-1.7/src/util/sup
+static security_context_t
+push_fscreatecon(const char *pathname, mode_t mode)
+{
-+ security_context_t previous, next;
++ security_context_t previous, configuredsc, currentsc, derivedsc;
++ context_t current, derived;
++ const char *fullpath, *currentuser;
++#ifdef HAVE_SELINUX_LABEL_H
+ struct selabel_handle *ctx;
-+ const char *fullpath;
++#endif
+
+ previous = NULL;
+ if (is_selinux_enabled()) {
@@ -641,16 +652,17 @@ diff -up /dev/null krb5-1.7/src/util/sup
+ } else {
+ fullpath = pathname;
+ }
-+ next = NULL;
+#ifdef DEBUG
+ if (isatty(fileno(stderr))) {
+ fprintf(stderr, "Looking up context for "
+ "\"%s\"(%05o).\n", fullpath, mode);
+ }
+#endif
++ configuredsc = NULL;
++#ifdef HAVE_SELINUX_LABEL_H
+ ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
+ if (ctx != NULL) {
-+ if (selabel_lookup(ctx, &next,
++ if (selabel_lookup(ctx, &configuredsc,
+ fullpath, mode) != 0) {
+ selabel_close(ctx);
+ free(genpath);
@@ -661,21 +673,60 @@ diff -up /dev/null krb5-1.7/src/util/sup
+ }
+ selabel_close(ctx);
+ }
++#else
++ if (matchpathcon(fullpath, mode, &configuredsc) != 0) {
++ free(genpath);
++ if (previous != NULL) {
++ freecon(previous);
++ }
++ return NULL;
++ }
++#endif
+ free(genpath);
++ if (configuredsc == NULL) {
++ if (previous != NULL) {
++ freecon(previous);
++ }
++ return NULL;
++ }
++ currentsc = NULL;
++ getcon(¤tsc);
++ if (currentsc != NULL) {
++ derived = context_new(configuredsc);
++ if (derived != NULL) {
++ current = context_new(currentsc);
++ if (current != NULL) {
++ currentuser = context_user_get(current);
++ if (currentuser != NULL) {
++ if (context_user_set(derived,
++ currentuser) == 0) {
++ derivedsc = context_str(derived);
++ if (derivedsc != NULL) {
++ freecon(configuredsc);
++ configuredsc = strdup(derivedsc);
++ }
++ }
++ }
++ context_free(current);
++ }
++ context_free(derived);
++ }
++ freecon(currentsc);
++ }
+#ifdef DEBUG
+ if (isatty(fileno(stderr))) {
+ fprintf(stderr, "Setting file creation context "
-+ "to \"%s\".\n", next);
++ "to \"%s\".\n", configured);
+ }
+#endif
-+ if (setfscreatecon(next) != 0) {
-+ freecon(next);
++ if (setfscreatecon(configuredsc) != 0) {
++ freecon(configuredsc);
+ if (previous != NULL) {
+ freecon(previous);
+ }
+ return NULL;
+ }
-+ freecon(next);
++ freecon(configuredsc);
+#ifdef DEBUG
+ } else {
+ if (isatty(fileno(stderr))) {
Index: krb5.spec
===================================================================
RCS file: /cvs/pkgs/rpms/krb5/F-12/krb5.spec,v
retrieving revision 1.214
retrieving revision 1.215
diff -u -p -r1.214 -r1.215
--- krb5.spec 20 Nov 2009 16:09:34 -0000 1.214
+++ krb5.spec 21 Dec 2009 19:43:57 -0000 1.215
@@ -10,7 +10,7 @@
Summary: The Kerberos network authentication system
Name: krb5
Version: 1.7
-Release: 10%{?dist}
+Release: 14%{?dist}
# Maybe we should explode from the now-available-to-everybody tarball instead?
# http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar
Source0: krb5-%{version}.tar.gz
@@ -79,13 +79,16 @@ Patch87: krb5-1.7-errs.patch
Patch88: krb5-1.7-sizeof.patch
Patch89: krb5-1.7-largefile.patch
Patch90: krb5-1.7-openssl-1.0.patch
+Patch91: krb5-1.7-spnego-deleg.patch
License: MIT
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
BuildRequires: autoconf, bison, flex, gawk
+%if 0%{?fedora} >= 12
BuildRequires: libcom_err-devel, libss-devel
+%endif
BuildRequires: gzip, ncurses-devel, rsh, texinfo, texinfo-tex, tar
BuildRequires: tetex-latex
BuildRequires: keyutils-libs-devel
@@ -107,7 +110,10 @@ practice of cleartext passwords.
%package devel
Summary: Development files needed to compile Kerberos 5 programs
Group: Development/Libraries
-Requires: %{name}-libs = %{version}-%{release}, libcom_err-devel
+Requires: %{name}-libs = %{version}-%{release}
+%if 0%{?fedora} >= 12
+Requires: libcom_err-devel
+%endif
Requires: keyutils-libs-devel, libselinux-devel
%description devel
@@ -210,11 +216,42 @@ to obtain initial credentials from a KDC
certificate.
%changelog
+* Mon Dec 21 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-14
+- refresh patch for #542868 from trunk
+
+* Thu Dec 10 2009 Nalin Dahyabhai <nalin at redhat.com>
+- move man pages that live in the -libs subpackage into the regular
+ %%{_mandir} tree where they'll still be found if that package is the
+ only one installed (#529319)
+
+* Wed Dec 9 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-13
+- and put it back in
+
+* Tue Dec 8 2009 Nalin Dahyabhai <nalin at redhat.com>
+- back that last change out
+
+* Tue Dec 8 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-12
+- try to make gss_krb5_copy_ccache() work correctly for spnego (#542868)
+
+* Fri Dec 4 2009 Nalin Dahyabhai <nalin at redhat.com>
+- make krb5-config suppress CFLAGS output when called with --libs (#544391)
+
+* Thu Dec 3 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-11
+- ksu: move account management checks to before we drop privileges, like
+ su does (#540769)
+- selinux: set the user part of file creation contexts to match the current
+ context instead of what we looked up
+- configure with --enable-dns-for-realm instead of --enable-dns, which isn't
+ recognized any more
+
* Fri Nov 20 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-10
- move /etc/pam.d/ksu from krb5-workstation-servers to krb5-workstation,
where it's actually needed (#538703)
-* Tue Oct 13 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-9
+* Fri Oct 23 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-9
+- add some conditional logic to simplify building on older Fedora releases
+
+* Tue Oct 13 2009 Nalin Dahyabhai <nalin at redhat.com>
- don't forget the README
* Mon Sep 14 2009 Nalin Dahyabhai <nalin at redhat.com> - 1.7-8
@@ -1482,6 +1519,7 @@ popd
%patch88 -p1 -b .sizeof
%patch89 -p1 -b .largefile
%patch90 -p0 -b .openssl-1.0
+%patch91 -p0 -b .spnego-deleg
gzip doc/*.ps
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
@@ -1541,7 +1579,11 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
CC="%{__cc}" \
CFLAGS="$CFLAGS" \
CPPFLAGS="$CPPFLAGS" \
+%if 0%{?fedora} >= 7
SS_LIB="-lss -ltinfo" \
+%else
+ SS_LIB="-lss -lncurses" \
+%endif
--enable-shared \
--bindir=%{krb5prefix}/bin \
--mandir=%{krb5prefix}/man \
@@ -1553,7 +1595,7 @@ CPPFLAGS="`echo $DEFINES $INCLUDES`"
--with-system-ss \
--with-netlib=-lresolv \
--without-tcl \
- --enable-dns \
+ --enable-dns-for-realm \
%if %{WITH_LDAP}
%if %{WITH_DIRSRV}
--with-dirsrv \
@@ -1656,6 +1698,13 @@ for library in libgssapi_krb5 libgssrpc
popd
done
+# Move man pages which will be in the -libs subpackage into %%{_mandir}'s tree.
+for man in man1/tmac.doc man1/kerberos.1 man5/.k5login.5 man5/krb5.conf.5 ; do
+ mkdir -p $RPM_BUILD_ROOT/%{_mandir}/${man%%/*}
+ mv $RPM_BUILD_ROOT/%{krb5prefix}/man/${man} \
+ $RPM_BUILD_ROOT/%{_mandir}/${man%%/*}/
+done
+
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
@@ -1953,14 +2002,10 @@ exit 0
%doc README
%docdir %{krb5prefix}/man
%verify(not md5 size mtime) %config(noreplace) /etc/krb5.conf
-%dir %{krb5prefix}
-%dir %{krb5prefix}/man
-%dir %{krb5prefix}/man/man1
-%dir %{krb5prefix}/man/man5
-%{krb5prefix}/man/man1/tmac.doc*
-%{krb5prefix}/man/man1/kerberos.1*
-%{krb5prefix}/man/man5/.k5login.5*
-%{krb5prefix}/man/man5/krb5.conf.5*
+/%{_mandir}/man1/tmac.doc*
+/%{_mandir}/man1/kerberos.1*
+/%{_mandir}/man5/.k5login.5*
+/%{_mandir}/man5/krb5.conf.5*
/%{_lib}/libgssapi_krb5.so.*
/%{_lib}/libgssrpc.so.*
/%{_lib}/libk5crypto.so.*
More information about the scm-commits
mailing list