authorcvsdist <cvsdist@fedoraproject.org>2004-09-09 07:16:22 +0000
committercvsdist <cvsdist@fedoraproject.org>2004-09-09 07:16:22 +0000
commit0b77dc9b0babfde537f5c8f6e24be4b063f5ddfd (patch)
tree59126e93542a10cf6bf5237cd9d2a278b7fc24e1
parentf241d93ce5dff9dc39693d9051b6706ab16a1e57 (diff)
auto-import changelog data from krb5-1.3.1-6.src.rpmkrb5-1_3_1-6FC-1-split
Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-6 - fix bug in patch to make rlogind start login with a clean environment a la netkit rlogin, spotted and fixed by Scott McClung Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-5 - include profile.d scriptlets in krb5-devel so that krb5-config will be in the path, reported by Kir Kolyshkin Mon Sep 08 2003 Nalin Dahyabhai <nalin@redhat.com> - add more etypes (arcfour) to the default enctype list in kdc.conf - don't apply previous patch, refused upstream Fri Sep 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-4 - fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials Wed Sep 03 2003 Dan Walsh <dwalsh@redhat.com> 1.3.1-3 - Don't check for write access on /etc/krb5.conf if SELinux Tue Aug 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-2 - fixup some int/pointer varargs wackiness Tue Aug 05 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-1 - rebuild Mon Aug 04 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-0 - update to 1.3.1 Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-2 - pull fix for non-compliant encoding of salt field in etype-info2 preauth data from 1.3.1 beta 1, until 1.3.1 is released. Mon Jul 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-1 - update to 1.3 Mon Jul 07 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-4 - correctly use stdargs Wed Jun 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-0.beta.4 - test update to 1.3 beta 4 - ditch statglue build option - krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com> - rebuilt Wed May 21 2003 Jeremy Katz <katzj@redhat.com> 1.2.8-2 - gcc 3.3 doesn't implement varargs.h, include stdarg.h instead Wed Apr 09 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-1 - update to 1.2.8
-rw-r--r--.cvsignore3
-rw-r--r--kdc.conf2
-rw-r--r--krb5-1.3-ftp-glob.patch281
-rw-r--r--krb5-1.3-ksu-access.patch45
-rw-r--r--krb5-1.3-large-file.patch28
-rw-r--r--krb5-1.3-manpage-paths.patch192
-rw-r--r--krb5-1.3-netkit-rsh.patch16
-rw-r--r--krb5-1.3-rlogind-environ.patch49
-rw-r--r--krb5-selinux.patch13
-rw-r--r--krb5.spec487
-rw-r--r--sources3
11 files changed, 882 insertions, 237 deletions
diff --git a/.cvsignore b/.cvsignore
index d798e6e..4e638c1 100644
--- a/.cvsignore
+++ b/.cvsignore
@@ -1,2 +1 @@
-2003-004-krb4_patchkit.tar.gz
-krb5-1.2.7.tar.gz
+krb5-1.3.1.tar.gz
diff --git a/kdc.conf b/kdc.conf
index e55ee00..31563fa 100644
--- a/kdc.conf
+++ b/kdc.conf
@@ -7,5 +7,5 @@
[realms]
EXAMPLE.COM = {
master_key_type = des-cbc-crc
- supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3 des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4 des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal des-cbc-sha1:norealm des-cbc-sha1:onlyrealm
+ supported_enctypes = arcfour-hmac:normal arcfour-hmac:norealm arcfour-hmac:onlyrealm des3-hmac-sha1:normal des-hmac-sha1:normal des-cbc-md5:normal des-cbc-crc:normal des-cbc-crc:v4 des-cbc-crc:afs3
}
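Review bot: The new `supported_enctypes` value adds `arcfour-hmac` and still lists the single-DES types `des-hmac-sha1`, `des-cbc-md5` and `des-cbc-crc`, while `master_key_type` in the context line above stays `des-cbc-crc`. As this file is the packaged template for new realms, every principal created from it gets RC4 and single-DES keys, and the database master key is single DES. If the `:v4` and `:afs3` salts are kept only for krb4/AFS compatibility, a comment saying so would help, and the other single-DES entries could be dropped in favour of `des3-hmac-sha1:normal`. Whether the master key can move to a stronger type in this build should be confirmed before changing the template.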
diff --git a/krb5-1.3-ftp-glob.patch b/krb5-1.3-ftp-glob.patch
new file mode 100644
index 0000000..becaff0
--- /dev/null
+++ b/krb5-1.3-ftp-glob.patch
@@ -0,0 +1,281 @@
+--- krb5-1.3/src/appl/gssftp/ftp/cmds.c
++++ krb5-1.3/src/appl/gssftp/ftp/cmds.c
+@@ -99,6 +99,65 @@
+ static void quote1 (char *, int, char **);
+ static char *dotrans (char *);
+ static char *domap (char *);
++static int checkglob(int fd, const char *pattern);
++
++/*
++ * pipeprotect: protect against "special" local filenames by prepending
++ * "./". Special local filenames are "-" and "|..." AND "/...".
++ */
++static char *pipeprotect(char *name)
++{
++ char *nu;
++ if (strcmp(name, "-") && *name!='|' && *name!='/') {
++ return name;
++ }
++
++ /* We're going to leak this memory. XXX. */
++ nu = malloc(strlen(name)+3);
++ if (nu==NULL) {
++ perror("malloc");
++ code = -1;
++ return NULL;
++ }
++ strcpy(nu, ".");
++ if (*name != '/') strcat(nu, "/");
++ strcat(nu, name);
++ return nu;
++}
++
++/*
++ * Look for embedded ".." in a pathname and change it to "!!", printing
++ * a warning.
++ */
++static char *pathprotect(char *name)
++{
++ int gotdots=0, i, len;
++
++ /* Convert null terminator to trailing / to catch a trailing ".." */
++ len = strlen(name)+1;
++ name[len-1] = '/';
++
++ /*
++ * State machine loop. gotdots is < 0 if not looking at dots,
++ * 0 if we just saw a / and thus might start getting dots,
++ * and the count of dots seen so far if we have seen some.
++ */
++ for (i=0; i<len; i++) {
++ if (name[i]=='.' && gotdots>=0) gotdots++;
++ else if (name[i]=='/' && gotdots<0) gotdots=0;
++ else if (name[i]=='/' && gotdots==2) {
++ printf("Warning: embedded .. in %.*s (changing to !!)\n",
++ len-1, name);
++ name[i-1] = '!';
++ name[i-2] = '!';
++ gotdots = 0;
++ }
++ else if (name[i]=='/') gotdots = 0;
++ else gotdots = -1;
++ }
++ name[len-1] = 0;
++ return name;
++}
+
+ /*
+ * `Another' gets another argument, and stores the new argc and argv.
+@@ -844,7 +903,15 @@
+
+ if (argc == 2) {
+ argc++;
+- argv[2] = argv[1];
++ /*
++ * Protect the user from accidentally retrieving special
++ * local names.
++ */
++ argv[2] = pipeprotect(argv[1]);
++ if (!argv[2]) {
++ code = -1;
++ return 0;
++ }
+ loc++;
+ }
+ if (argc < 2 && !another(&argc, &argv, "remote-file"))
+@@ -1016,8 +1083,19 @@
+ if (mapflag) {
+ tp = domap(tp);
+ }
+- recvrequest("RETR", tp, cp, "w",
+- tp != cp || !interactive, 1);
++
++ /* Reject embedded ".." */
++ tp = pathprotect(tp);
++
++ /* Prepend ./ to "-" or "!*" or leading "/" */
++ tp = pipeprotect(tp);
++ if (tp == NULL) {
++ /* hmm... how best to handle this? */
++ mflag = 0;
++ } else {
++ recvrequest("RETR", tp, cp, "w",
++ tp != cp || !interactive, 1);
++ }
+ if (!mflag && fromatty) {
+ ointer = interactive;
+ interactive = 1;
+@@ -1045,8 +1123,8 @@
+ static char buf[MAXPATHLEN];
+ static FILE *ftemp = NULL;
+ static char **args;
+- int oldverbose, oldhash;
+- char *cp, *rmode;
++ int oldverbose, oldhash, badglob = 0;
++ char *cp;
+
+ if (!mflag) {
+ if (!doglob) {
+@@ -1075,23 +1153,46 @@
+ return (NULL);
+ }
+ #else
+- (void) strncpy(temp, _PATH_TMP, sizeof(temp) - 1);
+- temp[sizeof(temp) - 1] = '\0';
+- (void) mktemp(temp);
++ int oldumask, fd;
++ (void) strcpy(temp, _PATH_TMP);
++
++ /* libc 5.2.18 creates with mode 0666, which is dumb */
++ oldumask = umask(077);
++ fd = mkstemp(temp);
++ umask(oldumask);
++
++ if (fd<0) {
++ printf("Error creating temporary file, oops\n");
++ return NULL;
++ }
+ #endif /* !_WIN32 */
+ oldverbose = verbose, verbose = 0;
+ oldhash = hash, hash = 0;
+ if (doswitch) {
+ pswitch(!proxy);
+ }
+- for (rmode = "w"; *++argv != NULL; rmode = "a")
+- recvrequest ("NLST", temp, *argv, rmode, 0, 0);
++
++ while (*++argv != NULL) {
++ int dupfd = dup(fd);
++
++ recvrequest ("NLST", temp, *argv, "a", 0, 0);
++ if (!checkglob(dupfd, *argv)) {
++ badglob = 1;
++ break;
++ }
++ }
++ unlink(temp);
++
+ if (doswitch) {
+ pswitch(!proxy);
+ }
+ verbose = oldverbose; hash = oldhash;
+- ftemp = fopen(temp, "r");
+- (void) unlink(temp);
++ if (badglob) {
++ printf("Refusing to handle insecure file list\n");
++ close(fd);
++ return NULL;
++ }
++ ftemp = fdopen(fd, "r");
+ #ifdef _WIN32
+ free(temp);
+ temp = NULL;
+@@ -1100,6 +1201,7 @@
+ printf("can't find list of remote files, oops\n");
+ return (NULL);
+ }
++ rewind(ftemp);
+ }
+ if (fgets(buf, sizeof (buf), ftemp) == NULL) {
+ (void) fclose(ftemp), ftemp = NULL;
+@@ -1110,6 +1212,100 @@
+ return (buf);
+ }
+
++/*
++ * Check whether given pattern matches `..'
++ * We assume only a glob pattern starting with a dot will match
++ * dot entries on the server.
++ */
++static int
++isdotdotglob(const char *pattern)
++{
++ int havedot = 0;
++ char c;
++
++ if (*pattern++ != '.')
++ return 0;
++ while ((c = *pattern++) != '\0' && c != '/') {
++ if (c == '*' || c == '?')
++ continue;
++ if (c == '.' && havedot++)
++ return 0;
++ }
++ return 1;
++}
++
++/*
++ * This function makes sure the list of globbed files returned from
++ * the server doesn't contain anything dangerous such as
++ * /home/<yourname>/.forward, or ../.forward,
++ * or |mail foe@doe </etc/passwd, etc.
++ * Covered areas:
++ * - returned name starts with / but glob pattern doesn't
++ * - glob pattern starts with / but returned name doesn't
++ * - returned name starts with |
++ * - returned name contains .. in a position where glob
++ * pattern doesn't match ..
++ * I.e. foo/.* allows foo/../bar but not foo/.bar/../fly
++ *
++ * Note that globbed names starting with / should really be stored
++ * under the current working directory; this is handled in mget above.
++ * --okir
++ */
++static int
++checkglob(int fd, const char *pattern)
++{
++ const char *sp;
++ char buffer[MAXPATHLEN], dotdot[MAXPATHLEN];
++ int okay = 1, nrslash, initial, nr;
++ FILE *fp;
++
++ /* Find slashes in glob pattern, and verify whether component
++ * matches `..'
++ */
++ initial = (pattern[0] == '/');
++ for (sp = pattern, nrslash = 0; sp != 0; sp = strchr(sp, '/')) {
++ while (*sp == '/')
++ sp++;
++ if (nrslash >= MAXPATHLEN) {
++ printf("Incredible pattern: %s\n", pattern);
++ return 0;
++ }
++ dotdot[nrslash++] = isdotdotglob(sp);
++ }
++
++ fp = fdopen(fd, "r");
++ while (okay && fgets(buffer, sizeof(buffer), fp) != NULL) {
++ char *sp;
++
++ if ((sp = strchr(buffer, '\n')) != 0) {
++ *sp = '\0';
++ } else {
++ printf("Extremely long filename from server: %s",
++ buffer);
++ okay = 0;
++ break;
++ }
++ if (buffer[0] == '|'
++ || (buffer[0] != '/' && initial)
++ || (buffer[0] == '/' && !initial))
++ okay = 0;
++ for (sp = buffer, nr = 0; sp; sp = strchr(sp, '/'), nr++) {
++ while (*sp == '/')
++ sp++;
++ if (sp[0] == '.' && !strncmp(sp, "../", 3)
++ && (nr >= nrslash || !dotdot[nr]))
++ okay = 0;
++ }
++ }
++
++ if (!okay)
++ printf("Filename provided by server "
++ "doesn't match pattern `%s': %s\n", pattern, buffer);
++
++ fclose(fp);
++ return okay;
++}
++
+ static char *
+ onoff(bool)
+ int bool;
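Review bot: `checkglob()` never checks the result of `fdopen(fd, "r")`, and its caller in the remglob hunk passes `dup(fd)` without testing for -1, so a failed `dup()` or `fdopen()` hands a NULL stream to `fgets()` and `fclose()` instead of rejecting the listing. Because this function is the filter for server-supplied names it should fail closed: add `if (fp == NULL) { perror("fdopen"); return 0; }` right after the `fdopen()` call, and in the loop set `badglob = 1` and break when `dupfd < 0`. The per-name test only matches `"../"`, so a name whose last component is a bare `..` is not flagged here; if that is left to `pathprotect()` in mget, a comment should say so. The comment `"-" or "!*"` above the `pipeprotect(tp)` call should read `"|*"` to match the code. The remglob and mget bodies start and end outside the embedded hunks.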
diff --git a/krb5-1.3-ksu-access.patch b/krb5-1.3-ksu-access.patch
new file mode 100644
index 0000000..59c23c2
--- /dev/null
+++ b/krb5-1.3-ksu-access.patch
@@ -0,0 +1,45 @@
+The idea is to not complain about problems in the default ticket file if we
+couldn't read it, because the client would be able to tell if it's there or
+not. Still needs work, I think.
+--- krb5-1.3/src/clients/ksu/ccache.c
++++ krb5-1.3/src/clients/ksu/ccache.c
+@@ -77,7 +77,7 @@
+ cc_def_name = krb5_cc_get_name(context, cc_def);
+ cc_other_name = krb5_cc_get_name(context, *cc_other);
+
+- if ( ! stat(cc_def_name, &st_temp)){
++ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
+ if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
+ return retval;
+ }
+--- krb5-1.3/src/clients/ksu/heuristic.c
++++ krb5-1.3/src/clients/ksu/heuristic.c
+@@ -412,7 +412,7 @@
+
+ cc_source_name = krb5_cc_get_name(context, cc);
+
+- if ( ! stat(cc_source_name, &st_temp)){
++ if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
+
+ retval = find_ticket(context, cc, client, end_server, &temp_found);
+ if (retval)
+@@ -572,7 +572,7 @@
+ cc_source_name = krb5_cc_get_name(context, cc_source);
+
+
+- if (! stat(cc_source_name, &st_temp)) {
++ if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
+ retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
+ if (retval)
+ return retval;
+--- krb5-1.3/src/clients/ksu/main.c
++++ krb5-1.3/src/clients/ksu/main.c
+@@ -263,7 +263,7 @@
+ if ( strchr(cc_source_tag, ':')){
+ cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
+
+- if( stat( cc_source_tag_tmp, &st_temp)){
++ if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
+ com_err (prog_name, errno,
+ "while looking for credentials file %s",
+ cc_source_tag_tmp);
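Review bot: The added `access()` calls test the path against the real uid, and the cache is then read by name afterwards (`krb5_get_nonexp_tkts`, `find_ticket`, `krb5_cc_get_principal`), so the file can change between the check and the use; the patch header itself says it still needs work. If ksu runs with elevated privileges, as is presumably the case, the test should be made on the object that is actually opened, for example by opening the cache under the caller's identity and calling `fstat()` on that descriptor, rather than `access()` followed by `stat()`. The sites are also inconsistent: ccache.c passes `R_OK` while heuristic.c and main.c pass `F_OK | R_OK`, and one spelling should be used throughout. All of the enclosing functions start and end outside these hunks.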
diff --git a/krb5-1.3-large-file.patch b/krb5-1.3-large-file.patch
new file mode 100644
index 0000000..61ab35b
--- /dev/null
+++ b/krb5-1.3-large-file.patch
@@ -0,0 +1,28 @@
+The size might be a long long, so deal with that.
+
+--- krb5-1.3/src/appl/gssftp/ftpd/ftpcmd.y
++++ krb5-1.3/src/appl/gssftp/ftpd/ftpcmd.y
+@@ -1515,12 +1515,12 @@
+ (stbuf.st_mode&S_IFMT) != S_IFREG)
+ reply(550, "%s: not a plain file.", filename);
+ else
+- reply(213, "%lu", (long) stbuf.st_size);
++ reply(213, "%llu", (long long) stbuf.st_size);
+ break;}
+ case TYPE_A: {
+ FILE *fin;
+ register int c;
+- register long count;
++ register long long count;
+ struct stat stbuf;
+ fin = fopen(filename, "r");
+ if (fin == NULL) {
+@@ -1542,7 +1542,7 @@
+ }
+ (void) fclose(fin);
+
+- reply(213, "%ld", count);
++ reply(213, "%lld", count);
+ break;}
+ default:
+ reply(504, "SIZE not implemented for Type %c.", "?AEIL"[type]);
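Review bot: `reply(213, "%llu", (long long) stbuf.st_size);` pairs an unsigned conversion with a signed argument; the specifier and cast should agree, `reply(213, "%lld", (long long) stbuf.st_size);`, which also matches the `%lld` used for `count` in the TYPE_A branch. `count` is accumulated in a loop outside the second hunk, so whether the wider type is sufficient there cannot be checked from here. The enclosing grammar action starts and ends outside the hunks.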
diff --git a/krb5-1.3-manpage-paths.patch b/krb5-1.3-manpage-paths.patch
new file mode 100644
index 0000000..39b54ad
--- /dev/null
+++ b/krb5-1.3-manpage-paths.patch
@@ -0,0 +1,192 @@
+--- krb5-1.3/src/appl/bsd/klogind.M
++++ krb5-1.3/src/appl/bsd/klogind.M
+@@ -27,7 +27,7 @@
+ the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
+ configuration line for \fIklogind\fP might be:
+
+-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
++klogin stream tcp nowait root /usr/kerberos/sbin/klogind klogind -e5c
+
+ When a service request is received, the following protocol is initiated:
+
+--- krb5-1.3/src/appl/bsd/kshd.M
++++ krb5-1.3/src/appl/bsd/kshd.M
+@@ -8,7 +8,7 @@
+ .SH NAME
+ kshd \- kerberized remote shell server
+ .SH SYNOPSIS
+-.B /usr/local/sbin/kshd
++.B /usr/kerberos/sbin/kshd
+ [
+ .B \-kr45ec
+ ]
+@@ -30,7 +30,7 @@
+ on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
+ configuration line for \fIkrshd\fP might be:
+
+-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
++kshell stream tcp nowait root /usr/kerberos/sbin/kshd kshd -5c
+
+ When a service request is received, the following protocol is initiated:
+
+--- krb5-1.3/src/appl/sample/sserver/sserver.M
++++ krb5-1.3/src/appl/sample/sserver/sserver.M
+@@ -59,7 +59,7 @@
+ using a line in
+ /etc/inetd.conf that looks like this:
+ .PP
+-sample stream tcp nowait root /usr/local/sbin/sserver sserver
++sample stream tcp nowait root /usr/kerberos/sbin/sserver sserver
+ .PP
+ Since \fBsample\fP is normally not a port defined in /etc/services, you will
+ usually have to add a line to /etc/services which looks like this:
+--- krb5-1.3/src/appl/telnet/telnet/telnet.1
++++ krb5-1.3/src/appl/telnet/telnet/telnet.1
+@@ -8,35 +8,35 @@
+ .\" notice, this list of conditions and the following disclaimer.
+ .\" 2. Redistributions in binary form must reproduce the above copyright
+ .\" notice, this list of conditions and the following disclaimer in the
+-.\" documentation and/or other materials provided with the distribution.
+-.\" 3. All advertising materials mentioning features or use of this software
+-.\" must display the following acknowledgement:
+-.\" This product includes software developed by the University of
+-.\" California, Berkeley and its contributors.
+-.\" 4. Neither the name of the University nor the names of its contributors
+-.\" may be used to endorse or promote products derived from this software
+-.\" without specific prior written permission.
+-.\"
+-.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+-.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+-.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+-.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+-.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+-.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+-.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+-.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+-.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+-.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+-.\" SUCH DAMAGE.
+-.\"
+-.\" @(#)telnet.1 8.4 (Berkeley) 2/3/94
+-.\" "
+-.TH TELNET 1
+-.SH NAME
+-telnet \- user interface to the TELNET protocol
+-.SH SYNOPSIS
+-.B telnet
+-[\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP
++ .\" documentation and/or other materials provided with the distribution.
++ .\" 3. All advertising materials mentioning features or use of this software
++ .\" must display the following acknowledgement:
++ .\" This product includes software developed by the University of
++ .\" California, Berkeley and its contributors.
++ .\" 4. Neither the name of the University nor the names of its contributors
++ .\" may be used to endorse or promote products derived from this software
++ .\" without specific prior written permission.
++ .\"
++ .\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
++ .\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
++ .\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
++ .\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
++ .\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
++ .\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
++ .\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
++ .\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
++ .\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
++ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
++ .\" SUCH DAMAGE.
++ .\"
++ .\" @(#)telnet.1 8.4 (Berkeley) 2/3/94
++ .\" "
++ .TH TELNET 1
++ .SH NAME
++ telnet \- user interface to the TELNET protocol
++ .SH SYNOPSIS
++ .B telnet
++ [\fB\-8\fP] [\fB\-E\fP] [\fB\-F\fP] [\fB\-K\fP] [\fB\-L\fP] [\fB\-S\fP
+ \fItos\fP] [\fB\-X\fP \fIauthtype\fP] [\fB\-a\fP] [\fB\-c\fP]
+ [\fB\-d\fP] [\fB\-e\fP \fIescapechar\fP] [\fB\-f\fP] [\fB\-k\fP
+ \fIrealm\fP] [\fB\-l\fP \fIuser\fP] [\fB\-n\fP \fItracefile\fP]
+--- krb5-1.3/src/appl/telnet/telnetd/telnetd.8
++++ krb5-1.3/src/appl/telnet/telnetd/telnetd.8
+@@ -37,7 +37,7 @@
+ .SM DARPA TELNET
+ protocol server
+ .SH SYNOPSIS
+-.B /usr/libexec/telnetd
++.B /usr/kerberos/sbin/telnetd
+ [\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
+ [\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+--- krb5-1.3/src/config-files/kdc.conf.M
++++ krb5-1.3/src/config-files/kdc.conf.M
+@@ -235,7 +235,7 @@
+ realm names and the [capaths] section of its krb5.conf file
+
+ .SH FILES
+-/usr/local/var/krb5kdc/kdc.conf
++/var/kerberos/krb5kdc/kdc.conf
+
+ .SH SEE ALSO
+ krb5.conf(5), krb5kdc(8)
+--- krb5-1.3/src/kadmin/cli/kadmin.M
++++ krb5-1.3/src/kadmin/cli/kadmin.M
+@@ -733,9 +733,9 @@
+ .RS
+ .TP
+ EXAMPLE:
+-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
++kadmin: ktremove -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
+ Entry for principal kadmin/admin with kvno 3 removed
+- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
++ from keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
+ kadmin:
+ .RE
+ .fi
+--- krb5-1.3/src/slave/kprop.M
++++ krb5-1.3/src/slave/kprop.M
+@@ -39,7 +39,7 @@
+ This is done by transmitting the dumped database file to the slave
+ server over an encrypted, secure channel. The dump file must be created
+ by kdb5_util, and is normally KPROP_DEFAULT_FILE
+-(/usr/local/var/krb5kdc/slave_datatrans).
++(/var/kerberos/krb5kdc/slave_datatrans).
+ .SH OPTIONS
+ .TP
+ \fB\-r\fP \fIrealm\fP
+@@ -51,7 +51,7 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ found; by default the dumped database file is KPROP_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/slave_datatrans).
++(normally /var/kerberos/krb5kdc/slave_datatrans).
+ .TP
+ \fB\-P\fP \fIport\fP
+ specifies the port to use to contact the
+--- krb5-1.3/src/slave/kpropd.M
++++ krb5-1.3/src/slave/kpropd.M
+@@ -69,7 +69,7 @@
+ This is done by adding a line to the inetd.conf file which looks like
+ this:
+
+-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
++kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd
+
+ However, kpropd can also run as a standalone deamon, if the
+ .B \-S
+@@ -87,13 +87,13 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ stored; by default the dumped database file is KPROPD_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/from_master).
++(normally /var/kerberos/krb5kdc/from_master).
+ .TP
+ .B \-p
+ allows the user to specify the pathname to the
+ .IR kdb5_util (8)
+ program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
+-(normally /usr/local/sbin/kdb5_util).
++(normally /usr/kerberos/sbin/kdb5_util).
+ .TP
+ .B \-S
+ turn on standalone mode. Normally, kpropd is invoked out of
diff --git a/krb5-1.3-netkit-rsh.patch b/krb5-1.3-netkit-rsh.patch
new file mode 100644
index 0000000..6c044d3
--- /dev/null
+++ b/krb5-1.3-netkit-rsh.patch
@@ -0,0 +1,16 @@
+We ship netkit rsh, which isn't smart enough to deal with the oddball case
+where argv[0] is an option flag.
+
+--- krb5-1.3/src/appl/bsd/krsh.c
++++ krb5-1.3/src/appl/bsd/krsh.c
+@@ -616,8 +616,10 @@
+ else
+ host = argv[0];
+
++#ifdef BERKELEY_RSH
+ if (!strcmp(host, "rsh"))
+ argv++;
++#endif
+
+ fprintf(stderr,"trying normal rsh (%s)\n",
+ UCB_RSH);
diff --git a/krb5-1.3-rlogind-environ.patch b/krb5-1.3-rlogind-environ.patch
new file mode 100644
index 0000000..6705cc1
--- /dev/null
+++ b/krb5-1.3-rlogind-environ.patch
@@ -0,0 +1,49 @@
+Start with only TERM defined in the environment, like NetKit rlogind does.
+--- krb5-1.3/src/appl/bsd/krlogind.c
++++ krb5-1.3/src/appl/bsd/krlogind.c
+@@ -713,6 +713,9 @@
+ #else
+ struct sgttyb b;
+ #endif /* POSIX_TERMIOS */
++ char environ_term[sizeof(term) + 6], environ_ccname[sizeof(environ_term)];
++ char *bare_environ[] = {environ_term, environ_ccname, NULL};
++
+ if ((retval = pty_open_slave(line, &t))) {
+ fatal(f, error_message(retval));
+ exit(1);
+@@ -819,11 +822,15 @@
+ /* use the vendors login, which has -p and -f. Tested on
+ * AIX 4.1.4 and HPUX 10
+ */
++ memset(environ_term, '\0', sizeof(environ_term));
++ memset(environ_ccname, '\0', sizeof(environ_ccname));
++ if (getenv("KRB5CCNAME") != NULL)
++ snprintf(environ_ccname, sizeof(environ_ccname) - 1, "KRB5CCNAME=%s", getenv("KRB5CCNAME"));
+ {
+ char *cp;
+ if ((cp = strchr(term,'/')))
+ *cp = '\0';
+- setenv("TERM",term, 1);
++ snprintf(environ_term, sizeof(environ_term) - 1, "TERM=%s", term);
+ }
+
+ retval = pty_make_sane_hostname((struct sockaddr *) fromp, maxhostlen,
+@@ -832,13 +839,13 @@
+ if (retval)
+ fatalperror(f, "failed make_sane_hostname");
+ if (passwd_req)
+- execl(login_program, "login", "-p", "-h", rhost_sane,
+- lusername, 0);
++ execle(login_program, "login", "-p", "-h", rhost_sane,
++ lusername, 0, bare_environ);
+ else
+- execl(login_program, "login", "-p", "-h", rhost_sane,
+- "-f", lusername, 0);
++ execle(login_program, "login", "-p", "-h", rhost_sane,
++ "-f", lusername, 0, bare_environ);
+ #else /* USE_LOGIN_F */
+- execl(login_program, "login", "-r", rhost_sane, 0);
++ execle(login_program, "login", "-r", rhost_sane, 0, bare_environ);
+ #endif /* USE_LOGIN_F */
+ syslog(LOG_ERR, "failed exec of %s: %s",
+ login_program, error_message(errno));
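Review bot: `bare_environ` always contains `environ_ccname`, so when `KRB5CCNAME` is unset login is started with an empty string as an environment entry, and when it is set the value is silently truncated because the buffer is sized from `term` (`sizeof(environ_term)`) rather than from the cache name. Drop the slot when it is unused, `if (getenv("KRB5CCNAME") == NULL) bare_environ[1] = NULL;`, and treat a `snprintf()` result `>= sizeof(environ_ccname)` as an error instead of passing a shortened cache path to login. The `execle()` calls also end the argument list with a bare `0`; in a variadic call the terminator should be `(char *)NULL`. The enclosing function starts and ends outside the embedded hunks.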
diff --git a/krb5-selinux.patch b/krb5-selinux.patch
new file mode 100644
index 0000000..cd66c37
--- /dev/null
+++ b/krb5-selinux.patch
@@ -0,0 +1,13 @@
+--- krb5-1.3.1/src/util/profile/prof_file.c.selinux 2003-03-06 13:48:03.000000000 -0500
++++ krb5-1.3.1/src/util/profile/prof_file.c 2003-09-03 13:42:42.343661059 -0400
+@@ -220,8 +220,10 @@ errcode_t profile_update_file_data(prf_d
+ }
+ data->upd_serial++;
+ data->flags = 0;
++#ifdef NO_SELINUX
+ if (rw_access(data->filespec))
+ data->flags |= PROFILE_FILE_RW;
++#endif
+ retval = profile_parse_file(f, &data->root);
+ fclose(f);
+ if (retval)
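Review bot: Nothing visible in this commit defines `NO_SELINUX`, so once the patch is applied the `rw_access()` probe is compiled out and `PROFILE_FILE_RW` is never set for any profile file; the guard has no comment, and the inverted macro name is easy to misread. Suggested above the `#ifdef`: `/* SELinux builds: skip the write-access probe, so PROFILE_FILE_RW stays clear */`. If callers rely on that flag to permit profile updates they will now treat every file as read-only, which should be confirmed. `profile_update_file_data` starts and ends outside the hunk.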
diff --git a/krb5.spec b/krb5.spec
index 987c343..60e6e17 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -1,10 +1,13 @@
-%define prefix %{_prefix}/kerberos
-%define statglue 0
+%if %{?WITH_SELINUX:0}%{!?WITH_SELINUX:1}
+%define WITH_SELINUX 0
+%endif
+
+%define krb5prefix %{_prefix}/kerberos
Summary: The Kerberos network authentication system.
Name: krb5
-Version: 1.2.7
-Release: 14
+Version: 1.3.1
+Release: 6
Source0: krb5-%{version}.tar.gz
Source1: krb5-%{version}.tar.gz.asc
Source2: kpropd.init
@@ -24,47 +27,38 @@ Source15: klogin.xinetd
Source16: kshell.xinetd
Source17: krb5-telnet.xinetd
Source18: gssftp.xinetd
-Source19: statglue.c
-Source20: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz
-Source21: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.sig
-Patch0: krb5-1.1-db.patch
-Patch1: krb5-1.1.1-tiocgltc.patch
-Patch2: krb5-1.1.1-libpty.patch
-Patch3: krb5-1.1.1-fixinfo.patch
-Patch4: krb5-1.1.1-manpages.patch
-Patch5: krb5-1.1.1-netkitr.patch
-Patch6: krb5-1.2-rlogind.patch
-Patch7: krb5-1.2-ksu.patch
-Patch8: krb5-1.2-ksu.options.patch
-Patch9: krb5-1.2-ksu.man.patch
-Patch10: krb5-1.2-quiet.patch
-Patch11: krb5-1.1.1-brokenrev.patch
-Patch12: krb5-1.2-spelling.patch
-Patch13: krb5-1.2.1-term.patch
-Patch14: krb5-1.2.1-passive.patch
-Patch15: krb5-1.2.1-forward.patch
-Patch16: krb5-1.2.1-heap.patch
-Patch17: krb5-1.2.2-wragg.patch
-Patch18: krb5-1.2.2-statglue.patch
-Patch20: krb5-1.2.2-by-address.patch
-Patch21: http://lite.mit.edu/krb5-1.2.2-ktany.patch
-Patch22: krb5-1.2.2-logauth.patch
-Patch23: krb5-1.2.2-size.patch
-Patch24: krb5-1.2.5-db2-configure.patch
-Patch25: krb5-1.2.7-namelength.patch
-Patch26: krb5-1.2.7-errno.patch
-Patch27: gssftp-patch
-Patch28: krb5-1.2.7-princ_size.patch
-Patch29: krb5-1.2.7-reject-bad-transited.patch
-Patch30: krb5-1.2.7-underrun.patch
-Patch31: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
-Patch32: krb5-1.2.7-krb524d-double-free.patch
+
+Patch0: krb5-1.3-gcc33.patch
+Patch1: krb5-1.3-info-dir.patch
+Patch2: krb5-1.3-manpage-paths.patch
+Patch3: krb5-1.3-netkit-rsh.patch
+Patch4: krb5-1.3-rlogind-environ.patch
+Patch5: krb5-1.3-ksu-access.patch
+Patch6: krb5-1.3-ksu-path.patch
+Patch7: krb5-1.1.1-tiocgltc.patch
+Patch8: krb5-1.1.1-libpty.patch
+Patch9: krb5-1.1.1-brokenrev.patch
+Patch10: krb5-1.2.1-term.patch
+Patch11: krb5-1.2.1-passive.patch
+Patch12: krb5-1.3-ktany.patch
+Patch13: krb5-1.3-large-file.patch
+Patch14: krb5-1.3-ftp-glob.patch
+Patch15: krb5-1.3-check.patch
+Patch16: krb5-1.3-no-rpath.patch
+Patch17: krb5-1.3-pass-by-address.patch
+Patch18: krb5-1.2.7-reject-bad-transited.patch
+Patch19: krb5-1.2.7-krb524d-double-free.patch
+Patch20: krb5-1.3.1-varargs.patch
+Patch21: krb5-selinux.patch
+Patch22: krb5-1.3.1-32.patch
+
License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries
BuildRoot: %{_tmppath}/%{name}-root
Prereq: grep, info, sh-utils, /sbin/install-info
-BuildPrereq: bison, e2fsprogs-devel, flex, gzip, libtermcap-devel, rsh, texinfo, tar
+BuildPrereq: bison, e2fsprogs-devel >= 1.33, flex
+BuildPrereq: gzip, libtermcap-devel, rsh, texinfo, tar
%description
Kerberos V5 is a trusted-third-party network authentication system,
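Review bot: The rebased patch list drops several entries that, by their names and advisory URLs, look like security fixes: `krb5-1.2.1-heap.patch`, `krb5-1.2.7-princ_size.patch`, `krb5-1.2.7-underrun.patch`, the `MITKRB5-SA-2003-003-xdr.txt` patch and the `2003-004-krb4_patchkit` sources. The changelog entries added in this commit do not state that each one is contained in 1.3.1. Presumably upstream merged them, but that should be confirmed per patch and recorded next to the list, for example `# Patch16/28/30/31, Source20/21 dropped: fixed upstream in 1.3.1` once verified.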
@@ -74,7 +68,7 @@ practice of cleartext passwords.
%package devel
Summary: Development files needed to compile Kerberos 5 programs.
Group: Development/Libraries
-Requires: %{name}-libs = %{version}-%{release}
+Requires: %{name}-libs = %{version}-%{release}, e2fsprogs-devel
%description devel
Kerberos is a network authentication system. The krb5-devel package
@@ -120,6 +114,57 @@ network uses Kerberos, this package should be installed on every
workstation.
%changelog
+* Thu Sep 25 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-6
+- fix bug in patch to make rlogind start login with a clean environment a la
+ netkit rlogin, spotted and fixed by Scott McClung
+
+* Tue Sep 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-5
+- include profile.d scriptlets in krb5-devel so that krb5-config will be in
+ the path, reported by Kir Kolyshkin
+
+* Mon Sep 8 2003 Nalin Dahyabhai <nalin@redhat.com>
+- add more etypes (arcfour) to the default enctype list in kdc.conf
+- don't apply previous patch, refused upstream
+
+* Fri Sep 5 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-4
+- fix 32/64-bit bug storing and retrieving the issue_date in v4 credentials
+
+* Wed Sep 3 2003 Dan Walsh <dwalsh@redhat.com> 1.3.1-3
+- Don't check for write access on /etc/krb5.conf if SELinux
+
+* Tue Aug 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-2
+- fixup some int/pointer varargs wackiness
+
+* Tue Aug 5 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-1
+- rebuild
+
+* Mon Aug 4 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3.1-0
+- update to 1.3.1
+
+* Thu Jul 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-2
+- pull fix for non-compliant encoding of salt field in etype-info2 preauth
+ data from 1.3.1 beta 1, until 1.3.1 is released.
+
+* Mon Jul 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-1
+- update to 1.3
+
+* Mon Jul 7 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-4
+- correctly use stdargs
+
+* Wed Jun 18 2003 Nalin Dahyabhai <nalin@redhat.com> 1.3-0.beta.4
+- test update to 1.3 beta 4
+- ditch statglue build option
+- krb5-devel requires e2fsprogs-devel, which now provides libss and libcom_err
+
+* Wed Jun 04 2003 Elliot Lee <sopwith@redhat.com>
+- rebuilt
+
+* Wed May 21 2003 Jeremy Katz <katzj@redhat.com> 1.2.8-2
+- gcc 3.3 doesn't implement varargs.h, include stdarg.h instead
+
+* Wed Apr 9 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.8-1
+- update to 1.2.8
+
* Mon Mar 31 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.7-14
- fix double-free of enc_part2 in krb524d
@@ -564,96 +609,72 @@ workstation.
- added --force to makeinfo commands to skip errors during build
%prep
-%setup -q -a 20
-%patch0 -p0 -b .db
-%patch1 -p0 -b .tciogltc
-%patch2 -p0 -b .libpty
-%patch3 -p0 -b .fixinfo
-%patch4 -p0 -b .manpages
-%patch5 -p0 -b .netkitr
-%patch6 -p1 -b .rlogind
-%patch7 -p1 -b .ksu
-%patch8 -p1 -b .ksu-options
-%patch9 -p1 -b .ksu-man
-%patch10 -p1 -b .quiet
-%patch11 -p1 -b .brokenrev
-%patch12 -p1 -b .spelling
-%patch13 -p1 -b .term
-%patch14 -p1 -b .passive
-%patch15 -p1 -b .forward
-%patch16 -p1 -b .heap
-%patch17 -p1 -b .wragg
-%if %{statglue}
-%patch18 -p1 -b .statglue
+%setup -q -n %{name}-%{version}
+%patch0 -p1 -b .gcc33
+%patch1 -p1 -b .info-dir
+%patch2 -p1 -b .manpage-paths
+%patch3 -p1 -b .netkit-rsh
+%patch4 -p1 -b .rlogind-environ
+%patch5 -p1 -b .ksu-access
+%patch6 -p1 -b .ksu-path
+%patch7 -p0 -b .tciogltc
+%patch8 -p0 -b .libpty
+%patch9 -p1 -b .brokenrev
+%patch10 -p1 -b .term
+%patch11 -p1 -b .passive
+%patch12 -p1 -b .ktany
+%patch13 -p1 -b .large-file
+%patch14 -p1 -b .ftp-glob
+%patch15 -p1 -b .check
+%patch16 -p1 -b .no-rpath
+%patch17 -p1 -b .pass-by-address
+%patch18 -p1 -b .reject-bad-transited
+%patch19 -p1 -b .double-free
+%patch20 -p1 -b .varargs
+%if %{WITH_SELINUX}
+%patch21 -p1 -b .selinux
%endif
-%patch20 -p0 -b .by-address
-%patch21 -p1 -b .ktany
-%patch22 -p1 -b .logauth
-%patch23 -p1 -b .size
-%patch24 -p1 -b .db2-configure
-%patch25 -p1 -b .namelength
-%patch26 -p1 -b .errno
-%patch27 -p1 -b .gssftp-patch
-%patch28 -p1 -b .princ_size.patch
-%patch29 -p1 -b .reject-bad-transited.patch
-%patch30 -p1 -b .underrun
-pushd src
-patch -sp0 -b -z .2003-004-krb4 < ../2003-004-krb4_patchkit/patch.1.2.7
-popd
-pushd src/lib/rpc
-%patch31 -p0 -b .2003-003
-popd
-%patch32 -p1 -b .double-free
+# Removed, per http://mailman.mit.edu/pipermail/krb5-bugs/2003-September/001735.html
+# %patch22 -p1 -b .32
cp src/krb524/README README.krb524
-
-(cd src/util/db2; autoconf )
-%if %{statglue}
-cp $RPM_SOURCE_DIR/statglue.c src/util/profile/statglue.c
-%endif
-find . -type f -name "*.fixinfo" -exec rm -fv "{}" ";"
+find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
gzip doc/*.ps
%build
cd src
-libtoolize --copy --force
-cp config.{guess,sub} config/
-cp config.{guess,sub} util/autoconf/
-
-# Get LFS support on systems that need it which aren't already 64-bit.
-%ifarch %{ix86} s390 ppc sparc
-DEFINES="-D_FILE_OFFSET_BITS=64" ; export DEFINES
-%endif
-# Can't use %%configure because we don't use the default mandir.
-./configure \
- --with-cc=%{__cc} \
- --with-ccopts="$RPM_OPT_FLAGS $ARCH_OPT_FLAGS $DEFINES -fPIC" \
+INCLUDES=-I%{_includedir}/et
+CFLAGS="`echo $RPM_OPT_FLAGS $ARCH_OPT_FLAGS $DEFINES $INCLUDES -fPIC`"
+%configure \
+ CC=%{__cc} \
+ CFLAGS="$CFLAGS" \
+ CPPFLAGS="$DEFINES $INCLUDES" \
--enable-shared --enable-static \
- --prefix=%{prefix} \
- --infodir=%{_infodir} \
- --libdir=%{prefix}/%{_lib} \
+ --bindir=%{krb5prefix}/bin \
+ --mandir=%{krb5prefix}/man \
+ --sbindir=%{krb5prefix}/sbin \
+ --datadir=%{krb5prefix}/share \
--localstatedir=%{_var}/kerberos \
--with-krb4 \
+ --with-system-et \
+ --with-system-ss \
--with-netlib=-lresolv \
--without-tcl \
- --enable-dns \
- %{_target_platform}
-# Now build it. Override the CC_LINK variable to exclude the rpath, and
+ --enable-dns
+# Now build it. Override the RPATH_FLAG and PROG_LIBPATH to drop the rpath, and
# override LDCOMBINE to use gcc instead of ld to build shared libraries.
-make \
- CC_LINK='$(CC) $(PROG_LIBPATH)' \
+make RPATH_FLAG= PROG_RPATH= \
LDCOMBINE='%{__cc} -shared -Wl,-soname=lib$(LIB)$(SHLIBSEXT) $(CFLAGS)'
-# Run the test suite. Won't run in the build system because /dev/pts is
-# not available for telnet tests and so on.
-# make check TMPDIR=%{_tmppath}
+# Run the test suite.
+: make RPATH_FLAG= PROG_RPATH= check TMPDIR=%{_tmppath}
%install
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
# Shell scripts wrappers for Kerberized rsh and rlogin.
-mkdir -p $RPM_BUILD_ROOT%{prefix}/bin
-install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{prefix}/bin/
+mkdir -p $RPM_BUILD_ROOT%{krb5prefix}/bin
+install -m 755 $RPM_SOURCE_DIR/{krsh,krlogin} $RPM_BUILD_ROOT/%{krb5prefix}/bin/
# Info docs.
mkdir -p $RPM_BUILD_ROOT%{_infodir}
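Review bot: The rewritten %prep drops the security fixes the old spec carried (`.heap`, `.underrun`, `.2003-003`, and the `2003-004-krb4` patchkit applied with a bare `patch` call) without recording that the 1.3.1 tarball already contains them. That is presumably true after the rebase, but it cannot be confirmed from this hunk. Once checked, a comment above `%patch0` would make the audit trail explicit, e.g. `# heap, underrun, 2003-003 and 2003-004-krb4 fixes dropped: confirmed present in upstream 1.3.1`. In %build, the comment `# Run the test suite.` sits above a line that begins with `:`, so the shell passes the whole `make ... check` to the null command and no tests run. The comment should say that, e.g. `# Test suite disabled (no-op via ':'): <reason>`.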
@@ -691,23 +712,19 @@ done
make -C src DESTDIR=$RPM_BUILD_ROOT install
# Fixup permissions on header files.
-find $RPM_BUILD_ROOT/%{prefix}/include -type d | xargs chmod 755
-find $RPM_BUILD_ROOT/%{prefix}/include -type f | xargs chmod 644
+find $RPM_BUILD_ROOT/%{_includedir} -type d | xargs chmod 755
+find $RPM_BUILD_ROOT/%{_includedir} -type f | xargs chmod 644
# Fixup strange shared library permissions.
-chmod 755 $RPM_BUILD_ROOT%{prefix}/%{_lib}/*.so*
+chmod 755 $RPM_BUILD_ROOT%{_libdir}/*.so*
# Munge the krb5-config script to remove rpaths.
-sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT%{prefix}/bin/krb5-config
+sed "s|^CC_LINK=.*|CC_LINK='\$(CC) \$(PROG_LIBPATH)'|g" src/krb5-config > $RPM_BUILD_ROOT%{krb5prefix}/bin/krb5-config
%clean
[ "$RPM_BUILD_ROOT" != "/" ] && rm -rf $RPM_BUILD_ROOT
-%post libs
-if ! grep -q '^%{prefix}/%{_lib}$' /etc/ld.so.conf ; then
- echo %{prefix}/%{_lib} >> /etc/ld.so.conf
-fi
-/sbin/ldconfig
+%post libs -p /sbin/ldconfig
%postun libs -p /sbin/ldconfig
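Review bot: The `sed` on `src/krb5-config` still targets a line starting with `CC_LINK=`, although the build step in this commit no longer overrides `CC_LINK` and clears `RPATH_FLAG` and `PROG_RPATH` instead, so the substitution may have become a silent no-op. If the 1.3.1 `krb5-config` has no such line, the installed script could still hand rpath flags to everything that links through it; the hunk does not show whether this is the case. A guard before the `sed`, `grep -q '^CC_LINK=' src/krb5-config || exit 1`, would turn a stale pattern into a build failure. The %install section this belongs to begins before the hunk.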
@@ -767,72 +784,75 @@ fi
%config(noreplace) /etc/xinetd.d/*
-%doc doc/user*.html doc/user*.ps.gz src/config-files/services.append
+%doc doc/krb5-user*.html doc/user*.ps.gz src/config-files/services.append
+%doc doc/{ftp,kdestroy,kinit,klist,kpasswd,ksu,rcp,rlogin,rsh,telnet}.html
%attr(0755,root,root) %doc src/config-files/convert-config-files
%{_infodir}/krb5-user.info*
-%dir %{prefix}
-%dir %{prefix}/bin
-%dir %{prefix}/man
-%dir %{prefix}/man/man1
-%dir %{prefix}/man/man5
-%dir %{prefix}/man/man8
-%dir %{prefix}/sbin
-
-%{prefix}/bin/ftp
-%{prefix}/man/man1/ftp.1*
-%{prefix}/bin/gss-client
-%{prefix}/bin/kdestroy
-%{prefix}/man/man1/kdestroy.1*
-%{prefix}/man/man1/kerberos.1*
-%{prefix}/bin/kinit
-%{prefix}/man/man1/kinit.1*
-%{prefix}/bin/klist
-%{prefix}/man/man1/klist.1*
-%{prefix}/bin/kpasswd
-%{prefix}/man/man1/kpasswd.1*
-%{prefix}/bin/krb524init
-%{prefix}/sbin/kadmin
-%{prefix}/man/man8/kadmin.8*
-%{prefix}/sbin/ktutil
-%{prefix}/man/man8/ktutil.8*
-%attr(0755,root,root) %{prefix}/bin/ksu
-%{prefix}/man/man1/ksu.1*
-%{prefix}/bin/kvno
-%{prefix}/man/man1/kvno.1*
-%{prefix}/bin/rcp
-%{prefix}/man/man1/rcp.1*
-%{prefix}/bin/krlogin
-%{prefix}/bin/rlogin
-%{prefix}/man/man1/rlogin.1*
-%{prefix}/bin/krsh
-%{prefix}/bin/rsh
-%{prefix}/man/man1/rsh.1*
-%{prefix}/bin/telnet
-%{prefix}/man/man1/telnet.1*
-%{prefix}/man/man1/tmac.doc*
-%attr(0755,root,root) %{prefix}/bin/v4rcp
-%{prefix}/man/man1/v4rcp.1*
-%{prefix}/bin/v5passwd
-%{prefix}/man/man1/v5passwd.1*
-%{prefix}/bin/sim_client
-%{prefix}/bin/uuclient
-%{prefix}/sbin/login.krb5
-%{prefix}/man/man8/login.krb5.8*
-%{prefix}/sbin/ftpd
-%{prefix}/man/man8/ftpd.8*
-%{prefix}/sbin/gss-server
-%{prefix}/sbin/klogind
-%{prefix}/man/man8/klogind.8*
-%{prefix}/sbin/krb5-send-pr
-%{prefix}/man/man1/krb5-send-pr.1*
-%{prefix}/sbin/kshd
-%{prefix}/man/man8/kshd.8*
-%{prefix}/sbin/telnetd
-%{prefix}/man/man8/telnetd.8*
-%{prefix}/sbin/uuserver
-%{prefix}/man/man5/.k5login.5*
-%{prefix}/man/man5/krb5.conf.5*
+%dir %{krb5prefix}
+%dir %{krb5prefix}/bin
+%dir %{krb5prefix}/man
+%dir %{krb5prefix}/man/man1
+%dir %{krb5prefix}/man/man5
+%dir %{krb5prefix}/man/man8
+%dir %{krb5prefix}/sbin
+
+%{krb5prefix}/bin/ftp
+%{krb5prefix}/man/man1/ftp.1*
+%{krb5prefix}/bin/gss-client
+%{krb5prefix}/bin/kdestroy
+%{krb5prefix}/man/man1/kdestroy.1*
+%{krb5prefix}/man/man1/kerberos.1*
+%{krb5prefix}/bin/kinit
+%{krb5prefix}/man/man1/kinit.1*
+%{krb5prefix}/bin/klist
+%{krb5prefix}/man/man1/klist.1*
+%{krb5prefix}/bin/kpasswd
+%{krb5prefix}/man/man1/kpasswd.1*
+%{krb5prefix}/bin/krb524init
+%{krb5prefix}/sbin/k5srvutil
+%{krb5prefix}/man/man8/k5srvutil.8*
+%{krb5prefix}/sbin/kadmin
+%{krb5prefix}/man/man8/kadmin.8*
+%{krb5prefix}/sbin/ktutil
+%{krb5prefix}/man/man8/ktutil.8*
+%attr(0755,root,root) %{krb5prefix}/bin/ksu
+%{krb5prefix}/man/man1/ksu.1*
+%{krb5prefix}/bin/kvno
+%{krb5prefix}/man/man1/kvno.1*
+%{krb5prefix}/bin/rcp
+%{krb5prefix}/man/man1/rcp.1*
+%{krb5prefix}/bin/krlogin
+%{krb5prefix}/bin/rlogin
+%{krb5prefix}/man/man1/rlogin.1*
+%{krb5prefix}/bin/krsh
+%{krb5prefix}/bin/rsh
+%{krb5prefix}/man/man1/rsh.1*
+%{krb5prefix}/bin/telnet
+%{krb5prefix}/man/man1/telnet.1*
+%{krb5prefix}/man/man1/tmac.doc*
+%attr(0755,root,root) %{krb5prefix}/bin/v4rcp
+%{krb5prefix}/man/man1/v4rcp.1*
+%{krb5prefix}/bin/v5passwd
+%{krb5prefix}/man/man1/v5passwd.1*
+%{krb5prefix}/bin/sim_client
+%{krb5prefix}/bin/uuclient
+%{krb5prefix}/sbin/login.krb5
+%{krb5prefix}/man/man8/login.krb5.8*
+%{krb5prefix}/sbin/ftpd
+%{krb5prefix}/man/man8/ftpd.8*
+%{krb5prefix}/sbin/gss-server
+%{krb5prefix}/sbin/klogind
+%{krb5prefix}/man/man8/klogind.8*
+%{krb5prefix}/sbin/krb5-send-pr
+%{krb5prefix}/man/man1/krb5-send-pr.1*
+%{krb5prefix}/sbin/kshd
+%{krb5prefix}/man/man8/kshd.8*
+%{krb5prefix}/sbin/telnetd
+%{krb5prefix}/man/man8/telnetd.8*
+%{krb5prefix}/sbin/uuserver
+%{krb5prefix}/man/man5/.k5login.5*
+%{krb5prefix}/man/man5/krb5.conf.5*
%files server
%defattr(-,root,root)
@@ -842,9 +862,9 @@ fi
%config /etc/rc.d/init.d/krb524
%config /etc/rc.d/init.d/kprop
-%doc doc/admin*.ps.gz doc/admin*.html
+%doc doc/admin*.ps.gz doc/krb5-admin*.html
%doc doc/krb425*.ps.gz doc/krb425*.html
-%doc doc/install*.ps.gz doc/install*.html
+%doc doc/install*.ps.gz doc/krb5-install*.html
%doc README.krb524
%{_infodir}/krb5-admin.info*
@@ -856,47 +876,50 @@ fi
%config(noreplace) %{_var}/kerberos/krb5kdc/kdc.conf
%config(noreplace) %{_var}/kerberos/krb5kdc/kadm5.acl
-%dir %{prefix}/bin
-%dir %{prefix}/man
-%dir %{prefix}/man/man1
-%dir %{prefix}/man/man5
-%dir %{prefix}/man/man8
-%dir %{prefix}/sbin
-
-%{prefix}/man/man5/kdc.conf.5*
-%{prefix}/sbin/kadmin.local
-%{prefix}/man/man8/kadmin.local.8*
-%{prefix}/sbin/kadmind
-%{prefix}/man/man8/kadmind.8*
-%{prefix}/sbin/kadmind4
-%{prefix}/sbin/kdb5_util
-%{prefix}/man/man8/kdb5_util.8*
-%{prefix}/sbin/kprop
-%{prefix}/man/man8/kprop.8*
-%{prefix}/sbin/kpropd
-%{prefix}/man/man8/kpropd.8*
-%{prefix}/sbin/krb524d
-%{prefix}/sbin/krb5kdc
-%{prefix}/man/man8/krb5kdc.8*
-%{prefix}/sbin/sim_server
-%{prefix}/sbin/v5passwdd
+%dir %{krb5prefix}/bin
+%dir %{krb5prefix}/man
+%dir %{krb5prefix}/man/man1
+%dir %{krb5prefix}/man/man5
+%dir %{krb5prefix}/man/man8
+%dir %{krb5prefix}/sbin
+
+%{krb5prefix}/man/man5/kdc.conf.5*
+%{krb5prefix}/sbin/kadmin.local
+%{krb5prefix}/man/man8/kadmin.local.8*
+%{krb5prefix}/sbin/kadmind
+%{krb5prefix}/man/man8/kadmind.8*
+%{krb5prefix}/sbin/kadmind4
+%{krb5prefix}/sbin/kdb5_util
+%{krb5prefix}/man/man8/kdb5_util.8*
+%{krb5prefix}/sbin/kprop
+%{krb5prefix}/man/man8/kprop.8*
+%{krb5prefix}/sbin/kpropd
+%{krb5prefix}/man/man8/kpropd.8*
+%{krb5prefix}/sbin/krb524d
+%{krb5prefix}/sbin/krb5kdc
+%{krb5prefix}/man/man8/krb5kdc.8*
+%{krb5prefix}/sbin/sim_server
+%{krb5prefix}/sbin/v5passwdd
# This is here for people who want to test their server, and also
# included in devel package for similar reasons.
-%{prefix}/bin/sclient
-%{prefix}/man/man1/sclient.1*
-%{prefix}/sbin/sserver
-%{prefix}/man/man8/sserver.8*
+%{krb5prefix}/bin/sclient
+%{krb5prefix}/man/man1/sclient.1*
+%{krb5prefix}/sbin/sserver
+%{krb5prefix}/man/man8/sserver.8*
%files libs
%defattr(-,root,root)
%config /etc/rc.d/init.d/kdcrotate
%config(noreplace) /etc/krb5.conf
-%dir %{prefix}/%{_lib}
-%{prefix}/%{_lib}/lib*.so.*
-%{prefix}/share
+%{_libdir}/lib*.so.*
+%{krb5prefix}/share
%files devel
%defattr(-,root,root)
+
+%config /etc/profile.d/krb5.sh
+%config /etc/profile.d/krb5.csh
+
%doc doc/api
%doc doc/implement
%doc doc/kadm5
@@ -904,19 +927,19 @@ fi
%doc doc/krb5-protocol
%doc doc/rpc
-%dir %{prefix}
-%dir %{prefix}/bin
-%dir %{prefix}/man
-%dir %{prefix}/man/man1
-%dir %{prefix}/man/man8
-%dir %{prefix}/sbin
-
-%{prefix}/include
-%{prefix}/%{_lib}/lib*.a
-%{prefix}/%{_lib}/lib*.so
-
-%{prefix}/bin/krb5-config
-%{prefix}/bin/sclient
-%{prefix}/man/man1/sclient.1*
-%{prefix}/man/man8/sserver.8*
-%{prefix}/sbin/sserver
+%dir %{krb5prefix}
+%dir %{krb5prefix}/bin
+%dir %{krb5prefix}/man
+%dir %{krb5prefix}/man/man1
+%dir %{krb5prefix}/man/man8
+%dir %{krb5prefix}/sbin
+
+%{_includedir}/*
+%{_libdir}/lib*.a
+%{_libdir}/lib*.so
+
+%{krb5prefix}/bin/krb5-config
+%{krb5prefix}/bin/sclient
+%{krb5prefix}/man/man1/sclient.1*
+%{krb5prefix}/man/man8/sserver.8*
+%{krb5prefix}/sbin/sserver
diff --git a/sources b/sources
index 5c11b27..466c178 100644
--- a/sources
+++ b/sources
@@ -1,2 +1 @@
-88d770f2de2c1bd842b511f47002a807 2003-004-krb4_patchkit.tar.gz
-854b52face2a8f771caf88166fa269d3 krb5-1.2.7.tar.gz
+73f868cf65bec56d7c718834ca5665fd krb5-1.3.1.tar.gz