diff options
| author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-01-14 21:14:26 +0000 |
|---|---|---|
| committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2010-01-14 21:14:26 +0000 |
| commit | 489d98b62fe9f274f30eb62522969664d1ad17a9 (patch) | |
| tree | c2604aaf2968abeafbad652669cbc4071a7eedf4 | |
| parent | 7b43f55d4afabfff5bfae75a0e1ac3027449fcb7 (diff) | |
| download | krb5-489d98b62fe9f274f30eb62522969664d1ad17a9.tar.gz krb5-489d98b62fe9f274f30eb62522969664d1ad17a9.tar.xz krb5-489d98b62fe9f274f30eb62522969664d1ad17a9.zip | |
- use portreserve to make sure the KDC can always bind to the kerberos-iv
port, kpropd can always bind to the krb5_prop port, and that kadmind
can always bind to the kerberos-adm port (#555279)
- correct inadvertent use of macros in the changelog (rpmlint)
| -rwxr-xr-x | kadmind.init | 3 | ||||
| -rwxr-xr-x | kpropd.init | 3 | ||||
| -rw-r--r-- | krb5.portreserve | 3 | ||||
| -rw-r--r-- | krb5.spec | 16 | ||||
| -rwxr-xr-x | krb5kdc.init | 3 |
5 files changed, 26 insertions, 2 deletions
diff --git a/kadmind.init b/kadmind.init index 6e248a8..b33668e 100755 --- a/kadmind.init +++ b/kadmind.init @@ -15,6 +15,7 @@ # Provides: kadmin # Required-Start: $local_fs $network # Required-Stop: $local_fs $network +# Should-Start: portreserve # Default-Start: # Default-Stop: 0 1 2 3 4 5 6 # Short-Description: start and stop the Kerberos 5 admin server @@ -53,6 +54,8 @@ start() { [ -x $kadmind ] || exit 5 fi echo -n $"Starting $prog: " + # tell portreserve to release the kerberos-adm port + [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-adm &>/dev/null || : daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS RETVAL=$? echo diff --git a/kpropd.init b/kpropd.init index 80b7a79..2f0f623 100755 --- a/kpropd.init +++ b/kpropd.init @@ -13,6 +13,7 @@ # Provides: kprop # Required-Start: $local_fs $network # Required-Stop: $local_fs $network +# Should-Start: portreserve # Default-Start: # Default-Stop: 0 1 2 3 4 5 6 # Short-Description: start and stop the Kerberos 5 propagation client @@ -35,6 +36,8 @@ start() { [ -f /var/kerberos/krb5kdc/kpropd.acl ] || exit 6 [ -x $kpropd ] || exit 5 echo -n $"Starting $prog: " + # tell portreserve to release the krb5_prop port + [ -x /sbin/portrelease ] && /sbin/portrelease krb5_prop &>/dev/null || : daemon ${kpropd} -S RETVAL=$? echo diff --git a/krb5.portreserve b/krb5.portreserve new file mode 100644 index 0000000..8e1e0d7 --- /dev/null +++ b/krb5.portreserve @@ -0,0 +1,3 @@ +kerberos-adm/tcp +kerberos-iv +krb5_prop/tcp @@ -10,7 +10,7 @@ Summary: The Kerberos network authentication system Name: krb5 Version: 1.7 -Release: 18%{?dist} +Release: 19%{?dist} # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.7/krb5-1.7-signed.tar Source0: krb5-%{version}.tar.gz @@ -42,6 +42,7 @@ Source26: gssftp.pamd Source27: kshell.pamd Source28: ekshell.pamd Source29: ksu.pamd +Source30: krb5.portreserve Patch3: krb5-1.3-netkit-rsh.patch Patch4: krb5-1.3-rlogind-environ.patch @@ -145,6 +146,8 @@ Requires(preun): /sbin/install-info, chkconfig, initscripts Requires(postun): initscripts # mktemp is used by krb5-send-pr Requires: mktemp +# portreserve is used by init scripts for kadmind, kpropd, and krb5kdc +Requires: portreserve %description server Kerberos is a network authentication system. The krb5-server package @@ -219,6 +222,12 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Thu Jan 14 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-19 +- use portreserve to make sure the KDC can always bind to the kerberos-iv + port, kpropd can always bind to the krb5_prop port, and that kadmind can + always bind to the kerberos-adm port (#555279) +- correct inadvertent use of macros in the changelog (rpmlint) + * Tue Jan 12 2010 Nalin Dahyabhai <nalin@redhat.com> - 1.7-18 - add upstream patch for integer underflow during AES and RC4 decryption (CVE-2009-4212), via Tom Yu (#545015) @@ -302,7 +311,7 @@ certificate. * Mon Jul 6 2009 Nalin Dahyabhai <nalin@redhat.com> - simplify the man pages patch by only preprocessing the files we care about and moving shared configure.in logic into a shared function -- catch the case of ftpd printing file sizes using %i, when they might be +- catch the case of ftpd printing file sizes using %%i, when they might be bigger than an int now * Tue Jun 30 2009 Nalin Dahyabhai <nalin@redhat.com> 1.7-4 @@ -1682,6 +1691,8 @@ install -pm 755 $RPM_SOURCE_DIR/kpropd.init $RPM_BUILD_ROOT/etc/rc.d/init.d/kpro mkdir -p $RPM_BUILD_ROOT/etc/sysconfig install -pm 644 $RPM_SOURCE_DIR/krb5kdc.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/krb5kdc install -pm 644 $RPM_SOURCE_DIR/kadmin.sysconfig $RPM_BUILD_ROOT/etc/sysconfig/kadmin +mkdir -p $RPM_BUILD_ROOT/etc/portreserve +install -pm 644 $RPM_SOURCE_DIR/krb5.portreserve $RPM_BUILD_ROOT/etc/portreserve/krb5 # Xinetd configuration files. mkdir -p $RPM_BUILD_ROOT/etc/xinetd.d/ @@ -1950,6 +1961,7 @@ exit 0 /etc/rc.d/init.d/kprop %config(noreplace) /etc/sysconfig/krb5kdc %config(noreplace) /etc/sysconfig/kadmin +%config(noreplace) /etc/portreserve/krb5 %doc doc/admin*.ps.gz %doc doc/install*.ps.gz diff --git a/krb5kdc.init b/krb5kdc.init index 739d56b..9a174bc 100755 --- a/krb5kdc.init +++ b/krb5kdc.init @@ -14,6 +14,7 @@ # Provides: krb5kdc # Required-Start: $local_fs $network # Required-Stop: $local_fs $network +# Should-Start: portreserve # Default-Start: # Default-Stop: 0 1 2 3 4 5 6 # Short-Description: start and stop the Kerberos 5 KDC @@ -38,6 +39,8 @@ krb5kdc=/usr/kerberos/sbin/krb5kdc start() { [ -x $krb5kdc ] || exit 5 echo -n $"Starting $prog: " + # tell portreserve to release the kerberos-iv port + [ -x /sbin/portrelease ] && /sbin/portrelease kerberos-iv &>/dev/null || : daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS RETVAL=$? echo |