- pull up 1.6.1-2 from the devel branch

author: Nalin Dahyabhai <nalin@fedoraproject.org> 2007-06-27 18:14:25 +0000
committer: Nalin Dahyabhai <nalin@fedoraproject.org> 2007-06-27 18:14:25 +0000
commit: 81f5873fea01d291cb5457d77e947c551d964609 (patch)
tree: c70683e6e56d46fcb9963bf02b1d0fd43a550c9a
parent: f62a0ae0e9f69bce97a4b82c0ac8480397a68083 (diff)
download: krb5-81f5873fea01d291cb5457d77e947c551d964609.tar.gz
krb5-81f5873fea01d291cb5457d77e947c551d964609.tar.xz
krb5-81f5873fea01d291cb5457d77e947c551d964609.zip
6 files changed, 493 insertions, 12 deletions
diff --git a/kadmind.init b/kadmind.init
index 2b22a77..8c7e108 100755
--- a/kadmind.init
+++ b/kadmind.init
@@ -30,7 +30,11 @@ RETVAL=0
 # Shell functions to cut down on useless shell instances.
 start() {
   	if [ ! -f /var/kerberos/krb5kdc/principal ] ; then
-	    echo $"Error. Default principal database does not exist."
+	    # Make an educated guess -- if they're using kldap somewhere,
+	    # then we don't know for sure that this is an error.
+  	    if [ ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ] ; then
+	        echo $"Error. Default principal database does not exist."
+	    fi
 	    exit 0
 	fi
   	if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then
@@ -39,7 +43,10 @@ start() {
 	else
   	    if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then
 		echo -n $"Extracting kadm5 Service Keys: "
+		# This should always work.
 		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure
+		# It's probably okay if this fails.
+		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/`hostname`${KRB5REALM:+@$KRB5REALM}" 2> /dev/null && success
 		echo
 	    fi
 	fi
diff --git a/krb5-1.6-manpage-paths.patch b/krb5-1.6-manpage-paths.patch
new file mode 100644
index 0000000..dda7e3f
--- /dev/null
+++ b/krb5-1.6-manpage-paths.patch
@@ -0,0 +1,142 @@
+--- krb5-1.3/src/appl/bsd/klogind.M
++++ krb5-1.3/src/appl/bsd/klogind.M
+@@ -27,7 +27,7 @@
+ the port indicated in /etc/inetd.conf.  A typical /etc/inetd.conf
+ configuration line for \fIklogind\fP might be:
+ 
+-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
++klogin stream tcp nowait root /usr/kerberos/sbin/klogind klogind -e5c
+ 
+ When a service request is received, the following protocol is initiated:
+ 
+--- krb5-1.3/src/appl/bsd/kshd.M
++++ krb5-1.3/src/appl/bsd/kshd.M
+@@ -8,7 +8,7 @@
+ .SH NAME
+ kshd \- kerberized remote shell server
+ .SH SYNOPSIS
+-.B /usr/local/sbin/kshd 
++.B /usr/kerberos/sbin/kshd 
+ [
+ .B \-kr45ec
+ ]
+@@ -30,7 +30,7 @@
+ on the port indicated in /etc/inetd.conf.  A typical /etc/inetd.conf
+ configuration line for \fIkrshd\fP might be:
+ 
+-kshell	stream	tcp	nowait	root	/usr/local/sbin/kshd	kshd -5c
++kshell	stream	tcp	nowait	root	/usr/kerberos/sbin/kshd	kshd -5c
+ 
+ When a service request is received, the following protocol is initiated:
+ 
+--- krb5-1.3/src/appl/sample/sserver/sserver.M
++++ krb5-1.3/src/appl/sample/sserver/sserver.M
+@@ -59,7 +59,7 @@
+ using a line in
+ /etc/inetd.conf that looks like this:
+ .PP
+-sample  stream  tcp     nowait  root /usr/local/sbin/sserver	sserver
++sample  stream  tcp     nowait  root /usr/kerberos/sbin/sserver	sserver
+ .PP
+ Since \fBsample\fP is normally not a port defined in /etc/services, you will
+ usually have to add a line to /etc/services which looks like this:
+--- krb5-1.3/src/appl/telnet/telnetd/telnetd.8
++++ krb5-1.3/src/appl/telnet/telnetd/telnetd.8
+@@ -37,7 +37,7 @@
+ .SM DARPA TELNET
+ protocol server
+ .SH SYNOPSIS
+-.B /usr/libexec/telnetd
++.B /usr/kerberos/sbin/telnetd
+ [\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
+ [\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+--- krb5-1.3/src/config-files/kdc.conf.M
++++ krb5-1.3/src/config-files/kdc.conf.M
+@@ -235,7 +235,7 @@
+ realm names and the [capaths] section of its krb5.conf file
+ 
+ .SH FILES 
+-/usr/local/var/krb5kdc/kdc.conf
++/var/kerberos/krb5kdc/kdc.conf
+ 
+ .SH SEE ALSO
+ krb5.conf(5), krb5kdc(8)
+--- krb5-1.3/src/kadmin/cli/kadmin.M
++++ krb5-1.3/src/kadmin/cli/kadmin.M
+@@ -733,9 +733,9 @@
+ .RS
+ .TP
+ EXAMPLE:
+-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
++kadmin: ktremove -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
+ Entry for principal kadmin/admin with kvno 3 removed
+-	from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
++	from keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
+ kadmin:
+ .RE
+ .fi
+--- krb5-1.3/src/slave/kprop.M
++++ krb5-1.3/src/slave/kprop.M
+@@ -39,7 +39,7 @@
+ This is done by transmitting the dumped database file to the slave
+ server over an encrypted, secure channel.  The dump file must be created
+ by kdb5_util, and is normally KPROP_DEFAULT_FILE
+-(/usr/local/var/krb5kdc/slave_datatrans).
++(/var/kerberos/krb5kdc/slave_datatrans).
+ .SH OPTIONS
+ .TP
+ \fB\-r\fP \fIrealm\fP
+@@ -51,7 +51,7 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ found; by default the dumped database file is KPROP_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/slave_datatrans).
++(normally /var/kerberos/krb5kdc/slave_datatrans).
+ .TP
+ \fB\-P\fP \fIport\fP
+ specifies the port to use to contact the
+--- krb5-1.3/src/slave/kpropd.M
++++ krb5-1.3/src/slave/kpropd.M
+@@ -69,7 +69,7 @@
+ This is done by adding a line to the inetd.conf file which looks like
+ this:
+ 
+-kprop	stream	tcp	nowait	root	/usr/local/sbin/kpropd	kpropd
++kprop	stream	tcp	nowait	root	/usr/kerberos/sbin/kpropd	kpropd
+ 
+ However, kpropd can also run as a standalone deamon, if the
+ .B \-S
+@@ -87,13 +87,13 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ stored; by default the dumped database file is KPROPD_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/from_master).
++(normally /var/kerberos/krb5kdc/from_master).
+ .TP
+ .B \-p
+ allows the user to specify the pathname to the
+ .IR kdb5_util (8)
+ program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
+-(normally /usr/local/sbin/kdb5_util).
++(normally /usr/kerberos/sbin/kdb5_util).
+ .TP
+ .B \-S
+ turn on standalone mode.  Normally, kpropd is invoked out of
+@@ -124,14 +124,14 @@
+ allows the user to specify the path to the
+ .KR kpropd.acl
+ file; by default the path used is KPROPD_ACL_FILE
+-(normally /usr/local/var/krb5kdc/kpropd.acl).
++(normally /var/kerberos/krb5kdc/kpropd.acl).
+ .SH FILES
+ .TP "\w'kpropd.acl\ \ 'u"
+ kpropd.acl
+ Access file for
+ .BR kpropd ;
+ the default location is KPROPD_ACL_FILE (normally
+-/usr/local/var/krb5kdc/kpropd.acl).
++/var/kerberos/krb5kdc/kpropd.acl).
+ Each entry is a line containing the principal of a host from which the
+ local machine will allow Kerberos database propagation via kprop.
+ .SH SEE ALSO
diff --git a/krb5-1.6.1-empty.patch b/krb5-1.6.1-empty.patch
new file mode 100644
index 0000000..cfd6b47
--- /dev/null
+++ b/krb5-1.6.1-empty.patch
@@ -0,0 +1,224 @@
+Treat empty values of KRB5CCNAME (and other variables which can't usefully
+be set to empty values) as if they were not set.
+
+diff -ur krb5-1.6.1/src/appl/bsd/krshd.c krb5-1.6.1/src/appl/bsd/krshd.c
+--- krb5-1.6.1/src/appl/bsd/krshd.c	2006-10-15 03:50:16.000000000 -0400
++++ krb5-1.6.1/src/appl/bsd/krshd.c	2007-05-18 19:51:18.000000000 -0400
+@@ -1438,7 +1438,7 @@
+      * child's environment.  This can't really have
+      * a fixed position because tz may or may not be set.
+      */
+-    if (getenv("KRB5CCNAME")) {
++    if (getenv("KRB5CCNAME") && getenv("KRB5CCNAME")[0]) {
+ 	int i;
+ 	char *buf2 = (char *)malloc(strlen(getenv("KRB5CCNAME"))
+ 			 		   +strlen("KRB5CCNAME=")+1);
+diff -ur krb5-1.6.1/src/appl/bsd/login.c krb5-1.6.1/src/appl/bsd/login.c
+--- krb5-1.6.1/src/appl/bsd/login.c	2006-08-08 15:26:40.000000000 -0400
++++ krb5-1.6.1/src/appl/bsd/login.c	2007-05-18 19:49:32.000000000 -0400
+@@ -528,7 +528,7 @@
+     login_get_kconf(kcontext);
+ 
+     /* Set up the credential cache environment variable */
+-    if (!getenv(KRB5_ENV_CCNAME)) {
++    if (!getenv(KRB5_ENV_CCNAME) || !getenv(KRB5_ENV_CCNAME)[0]) {
+ 	sprintf(ccfile, "FILE:/tmp/krb5cc_p%ld", (long) getpid());
+ 	setenv(KRB5_ENV_CCNAME, ccfile, 1);
+ 	krb5_cc_set_default_name(kcontext, ccfile);
+@@ -1763,7 +1763,7 @@
+ 	setenv ("TZ", tz, 1);
+ #endif
+ 
+-    if (ccname)
++    if (ccname && ccname[0])
+ 	setenv("KRB5CCNAME", ccname, 1);
+ 
+     setenv("HOME", pwd->pw_dir, 1);
+diff -ur krb5-1.6.1/src/appl/bsd/v4rcp.c krb5-1.6.1/src/appl/bsd/v4rcp.c
+--- krb5-1.6.1/src/appl/bsd/v4rcp.c	2006-08-08 15:26:40.000000000 -0400
++++ krb5-1.6.1/src/appl/bsd/v4rcp.c	2007-05-18 19:50:40.000000000 -0400
+@@ -1060,7 +1060,7 @@
+ 	  fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n");
+ 	  exit(1);
+ 	}
+-	if ((envaddr = getenv("KRB5REMOTEADDR"))) {
++	if ((envaddr = getenv("KRB5REMOTEADDR")) && envaddr[0]) {
+ #ifdef HAVE_INET_ATON
+ 	  inet_aton(envaddr,  &foreign.sin_addr);
+ #else
+@@ -1068,7 +1068,7 @@
+ #endif
+ 	  foreign.sin_family = AF_INET;
+ 	  envaddr = getenv("KRB5REMOTEPORT");
+-	  if (envaddr)
++	  if (envaddr && envaddr[0])
+ 	    foreign.sin_port = htons(atoi(envaddr));
+ 	  else
+ 	    foreign.sin_port = 0;
+diff -ur krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c
+--- krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c	2006-12-01 16:27:28.000000000 -0500
++++ krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c	2007-05-18 19:48:51.000000000 -0400
+@@ -205,7 +205,7 @@
+ 	return;
+ 
+     ccname = getenv("KRB5CCNAME");
+-    if (ccname) {
++    if (ccname && ccname[0]) {
+ 	retval = krb5_cc_resolve(telnet_context, ccname, &ccache);
+ 	if (!retval)
+ 	    retval = krb5_cc_destroy(telnet_context, ccache);
+diff -ur krb5-1.6.1/src/lib/kadm5/alt_prof.c krb5-1.6.1/src/lib/kadm5/alt_prof.c
+--- krb5-1.6.1/src/lib/kadm5/alt_prof.c	2006-05-15 21:45:00.000000000 -0400
++++ krb5-1.6.1/src/lib/kadm5/alt_prof.c	2007-05-18 19:17:53.000000000 -0400
+@@ -82,7 +82,8 @@
+     if (i > 0)
+ 	krb5_config_len--;
+     if (envname == NULL
+-	|| (kdc_config = getenv(envname)) == NULL)
++	|| (kdc_config = getenv(envname)) == NULL
++	|| (kdc_config[0] == '\0'))
+ 	kdc_config = fname;
+     if (kdc_config == NULL)
+ 	kdc_config_len = 0;
+@@ -494,7 +495,8 @@
+ 	       !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) {
+ 	 params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+ 	 params.admin_keytab = svalue;
+-    } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) {
++    } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME")) &&
++	       (params.admin_keytab[0] != '\0')) {
+ 	 params.admin_keytab = strdup(params.admin_keytab);
+ 	 if (params.admin_keytab)
+ 	      params.mask |= KADM5_CONFIG_ADMIN_KEYTAB;
+diff -ur krb5-1.6.1/src/lib/krb4/g_cnffile.c krb5-1.6.1/src/lib/krb4/g_cnffile.c
+--- krb5-1.6.1/src/lib/krb4/g_cnffile.c	2003-06-06 10:44:33.000000000 -0400
++++ krb5-1.6.1/src/lib/krb4/g_cnffile.c	2007-05-18 19:57:48.000000000 -0400
+@@ -89,7 +89,7 @@
+ 
+ 	/* standard V4 override first */
+ 	s = getenv("KRB_CONF");
+-	if (s) cnffile = fopen(s,"r");
++	if (s && s[0]) cnffile = fopen(s,"r");
+ 	/* if that's wrong, use V5 config */
+ 	if (!cnffile) cnffile = krb__v5_get_file("krb4_config");
+ 	/* and if V5 config doesn't have it, go to hard-coded values */
+@@ -109,7 +109,7 @@
+ 
+ 	/* standard (not really) V4 override first */
+ 	s = getenv("KRB_REALMS");
+-	if (s) realmsfile = fopen(s,"r");
++	if (s && s[0]) realmsfile = fopen(s,"r");
+ 	if (!realmsfile) realmsfile = krb__v5_get_file("krb4_realms");
+ 	if (!realmsfile) realmsfile = fopen(KRB_RLM_TRANS, "r");
+ 
+diff -ur krb5-1.6.1/src/lib/krb4/tkt_string.c krb5-1.6.1/src/lib/krb4/tkt_string.c
+--- krb5-1.6.1/src/lib/krb4/tkt_string.c	2006-03-11 17:23:28.000000000 -0500
++++ krb5-1.6.1/src/lib/krb4/tkt_string.c	2007-05-18 19:57:57.000000000 -0400
+@@ -67,7 +67,7 @@
+ 
+     if (!*krb_ticket_string) {
+ 	env = getenv("KRBTKFILE");
+-        if (env) {
++        if (env && env[0]) {
+ 	    (void) strncpy(krb_ticket_string, env,
+ 			   sizeof(krb_ticket_string)-1);
+ 	    krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0';
+diff -ur krb5-1.6.1/src/lib/krb5/ccache/cccursor.c krb5-1.6.1/src/lib/krb5/ccache/cccursor.c
+--- krb5-1.6.1/src/lib/krb5/ccache/cccursor.c	2006-11-07 15:18:31.000000000 -0500
++++ krb5-1.6.1/src/lib/krb5/ccache/cccursor.c	2007-05-18 19:19:11.000000000 -0400
+@@ -136,7 +136,7 @@
+ 	/* fall through */
+     case CCCURSOR_ENV:
+ 	name = getenv(KRB5_ENV_CCNAME);
+-	if (name != NULL) {
++	if ((name != NULL) && (name[0] != '\0')) {
+ 	    cursor->pos = CCCURSOR_OS;
+ 	    ret = cccol_do_resolve(context, cursor, name, ccache);
+ 	    if (ret)
+diff -ur krb5-1.6.1/src/lib/krb5/os/ccdefname.c krb5-1.6.1/src/lib/krb5/os/ccdefname.c
+--- krb5-1.6.1/src/lib/krb5/os/ccdefname.c	2007-03-29 20:36:20.000000000 -0400
++++ krb5-1.6.1/src/lib/krb5/os/ccdefname.c	2007-05-18 18:32:20.000000000 -0400
+@@ -292,7 +292,7 @@
+             /* try the environment variable first */
+             new_ccname = getenv(KRB5_ENV_CCNAME);
+             
+-            if (new_ccname == NULL) {
++            if ((new_ccname == NULL) || (new_ccname[0] == '\0')) {
+                 /* fall back on the default ccache name for the OS */
+                 new_ccname = new_ccbuf;
+                 err = get_from_os (new_ccbuf, sizeof (new_ccbuf));
+diff -ur krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c
+--- krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c	2007-04-10 17:51:46.000000000 -0400
++++ krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c	2007-05-18 18:32:20.000000000 -0400
+@@ -196,7 +196,7 @@
+     if (!secure)
+     {
+         char *env = getenv("KRB5_CONFIG");
+-        if (env)
++        if (env && env[0])
+         {
+             name = malloc(strlen(env) + 1);
+             if (!name) return ENOMEM;
+@@ -250,7 +250,7 @@
+ 	filepath = DEFAULT_SECURE_PROFILE_PATH;
+     } else { 
+         filepath = getenv("KRB5_CONFIG");
+-        if (!filepath) filepath = DEFAULT_PROFILE_PATH;
++        if (!filepath || !(filepath[0])) filepath = DEFAULT_PROFILE_PATH;
+     }
+ 
+     /* count the distinct filename components */
+@@ -297,7 +297,7 @@
+     profile_filespec_t *newfiles;
+ 
+     file = getenv(KDC_PROFILE_ENV);
+-    if (file == NULL)
++    if ((file == NULL) || (file[0] == '\0'))
+ 	file = DEFAULT_KDC_PROFILE;
+ 
+     for (count = 0; (*pfiles)[count]; count++)
+diff -ur krb5-1.6.1/src/lib/krb5/os/ktdefname.c krb5-1.6.1/src/lib/krb5/os/ktdefname.c
+--- krb5-1.6.1/src/lib/krb5/os/ktdefname.c	2002-09-03 15:29:37.000000000 -0400
++++ krb5-1.6.1/src/lib/krb5/os/ktdefname.c	2007-05-18 19:19:28.000000000 -0400
+@@ -47,7 +47,7 @@
+ 	    return KRB5_CONFIG_NOTENUFSPACE;
+ 	strcpy(name, krb5_overridekeyname);
+     } else if ((context->profile_secure == FALSE) &&
+-	(cp = getenv("KRB5_KTNAME"))) {
++	(cp = getenv("KRB5_KTNAME")) && (cp[0] != '\0')) {
+ 	if ((size_t) namesize < (strlen(cp)+1))
+ 	    return KRB5_CONFIG_NOTENUFSPACE;
+ 	strcpy(name, cp);
+diff -ur krb5-1.6.1/src/lib/krb5/rcache/rc_base.c krb5-1.6.1/src/lib/krb5/rcache/rc_base.c
+--- krb5-1.6.1/src/lib/krb5/rcache/rc_base.c	2006-06-08 16:01:44.000000000 -0400
++++ krb5-1.6.1/src/lib/krb5/rcache/rc_base.c	2007-05-18 19:18:48.000000000 -0400
+@@ -94,7 +94,7 @@
+ char * krb5_rc_default_type(krb5_context context)
+ {
+     char *s;
+-    if ((s = getenv("KRB5RCACHETYPE")))
++    if ((s = getenv("KRB5RCACHETYPE")) && (s[0] != '\0'))
+ 	return s;
+     else
+ 	return "dfl";
+@@ -103,7 +103,7 @@
+ char * krb5_rc_default_name(krb5_context context)
+ {
+     char *s;
+-    if ((s = getenv("KRB5RCACHENAME")))
++    if ((s = getenv("KRB5RCACHENAME")) && (s[0] != '\0'))
+ 	return s;
+     else
+ 	return (char *) 0;
+diff -ur krb5-1.6.1/src/lib/krb5/rcache/rc_io.c krb5-1.6.1/src/lib/krb5/rcache/rc_io.c
+--- krb5-1.6.1/src/lib/krb5/rcache/rc_io.c	2006-12-18 18:11:28.000000000 -0500
++++ krb5-1.6.1/src/lib/krb5/rcache/rc_io.c	2007-05-18 18:32:20.000000000 -0400
+@@ -47,7 +47,7 @@
+ {
+     char *dir;
+ 
+-    if (!(dir = getenv("KRB5RCACHEDIR"))) {
++    if (!(dir = getenv("KRB5RCACHEDIR")) || !dir[0]) {
+ #if defined(_WIN32)
+ 	if (!(dir = getenv("TEMP")))
+ 	    if (!(dir = getenv("TMP")))
diff --git a/krb5-1.6.1-ftp-nospew.patch b/krb5-1.6.1-ftp-nospew.patch
new file mode 100644
index 0000000..f72f0ec
--- /dev/null
+++ b/krb5-1.6.1-ftp-nospew.patch
@@ -0,0 +1,50 @@
+diff -uNr krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c krb5-1-6/src/appl/gssftp/ftp/cmds.c
+--- krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c	2007-05-24 11:19:27.000000000 -0400
++++ krb5-1-6/src/appl/gssftp/ftp/cmds.c	2007-05-24 11:17:37.000000000 -0400
+@@ -168,9 +168,7 @@
+ 		}
+ 		port = htons(iport);
+ 	}
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 	host = hookup(argv[1], port);
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 	if (host) {
+ 		int overbose;
+ 
+@@ -185,28 +183,20 @@
+ 		mode = MODE_S;
+ 		stru = STRU_F;
+ 		(void) strcpy(bytename, "8"), bytesize = 8;
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 		if (autoauth) {
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 			if (do_auth() && autoencrypt) {
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+  				clevel = PROT_P;
+ 				setpbsz(1<<20);
+ 				if (command("PROT P") == COMPLETE)
+ 					dlevel = PROT_P;
+ 				else
+ 					fprintf(stderr, "ftp: couldn't enable encryption\n");
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 			}
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 			if(auth_type && clevel == PROT_C)
+ 				clevel = PROT_S;
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 			if(autologin)
+ 				(void) login(argv[1]);
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 		}
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 
+ #ifndef unix
+ /* sigh */
+@@ -221,7 +211,6 @@
+  * this ifdef is to keep someone form "porting" this to an incompatible
+  * system and not checking this out. This way they have to think about it.
+  */
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ 		overbose = verbose;
+ 		if (debug == 0)
+ 			verbose = -1;
diff --git a/krb5-1.6.1-get_opt_fixup.patch b/krb5-1.6.1-get_opt_fixup.patch
new file mode 100644
index 0000000..a1880e0
--- /dev/null
+++ b/krb5-1.6.1-get_opt_fixup.patch
@@ -0,0 +1,41 @@
+Index: src/include/k5-int.h
+===================================================================
+--- src/include/k5-int.h	(revision 19537)
++++ src/include/k5-int.h	(revision 19538)
+@@ -1048,9 +1048,9 @@
+ #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000
+ 
+ #define krb5_gic_opt_is_extended(s) \
+-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
++    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0)
+ #define krb5_gic_opt_is_shadowed(s) \
+-    (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
++    ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0)
+ 
+ 
+ typedef struct _krb5_gic_opt_private {
+Index: src/lib/krb5/krb/gic_opt.c
+===================================================================
+--- src/lib/krb5/krb/gic_opt.c	(revision 19537)
++++ src/lib/krb5/krb/gic_opt.c	(revision 19538)
+@@ -206,8 +206,18 @@
+     oe = krb5int_gic_opte_alloc(context);
+     if (NULL == oe)
+ 	return ENOMEM;
+-    memcpy(oe, opt, sizeof(*opt));
+-    /* Fix these -- overwritten by the copy */
++
++    if (opt)
++        memcpy(oe, opt, sizeof(*opt));
++
++    /*
++     * Fix the flags -- the EXTENDED flag would have been
++     * overwritten by the copy if there was one.  The
++     * SHADOWED flag is necessary to ensure that the
++     * krb5_gic_opt_ext structure that was allocated
++     * here will be freed by the library because the
++     * application is unaware of its existence.
++     */
+     oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED |
+ 		   KRB5_GET_INIT_CREDS_OPT_SHADOWED);
+ 
diff --git a/krb5.spec b/krb5.spec
index 113f2dc..0c04f03 100644
--- a/krb5.spec
+++ b/krb5.spec
@@ -14,8 +14,8 @@
 
 Summary: The Kerberos network authentication system.
 Name: krb5
-Version: 1.6
-Release: 6
+Version: 1.6.1
+Release: 2
 # Maybe we should explode from the now-available-to-everybody tarball instead?
 # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar
 Source0: krb5-%{version}.tar.gz
@@ -46,7 +46,7 @@ Source22: ekrb5-telnet.xinetd
 Source23: krb5-%{version}-pdf.tar.gz
 Source24: krb5-tex-pdf.sh
 
-Patch2: krb5-1.3-manpage-paths.patch
+Patch2: krb5-1.6-manpage-paths.patch
 Patch3: krb5-1.3-netkit-rsh.patch
 Patch4: krb5-1.3-rlogind-environ.patch
 Patch5: krb5-1.3-ksu-access.patch
@@ -74,14 +74,13 @@ Patch40: krb5-1.4.1-telnet-environ.patch
 Patch41: krb5-1.2.7-login-lpass.patch
 Patch44: krb5-1.4.3-enospc.patch
 Patch45: krb5-1.5-gssinit.patch
-Patch46: krb5-1.6-fix-sendto_kdc-memset.dif
 Patch47: krb5-1.6-sort-of-static.patch
-Patch48: krb5-1.6-CVE-2007-0956-prelim.patch
-Patch49: krb5-1.6-CVE-2007-0957-prelim.patch
-Patch50: krb5-1.6-CVE-2007-1216-prelim.patch
 Patch51: krb5-1.6-ldap-init.patch
 Patch52: krb5-1.6-ldap-man.patch
 Patch53: krb5-1.6-nodeplibs.patch
+Patch55: krb5-1.6.1-empty.patch
+Patch56: krb5-1.6.1-get_opt_fixup.patch
+Patch57: krb5-1.6.1-ftp-nospew.patch
 
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
@@ -196,6 +195,25 @@ installed on systems which are meant provide these services.
 %endif
 
 %changelog
+* Wed Jun 27 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-2
+- pull up from devel HEAD's 1.6.1-2
+
+* Thu May 24 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-2
+- pull patch from svn to undo unintentional chattiness in ftp
+- pull patch from svn to handle NULL krb5_get_init_creds_opt structures
+  better in a couple of places where they're expected
+
+* Wed May 23 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-1
+- update to 1.6.1
+  - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216
+  - drop patch for sendto bug in 1.6, fixed in 1.6.1
+
+* Fri May 18 2007 Nalin Dahyabhai <nalin@redhat.com>
+- kadmind.init: don't fail outright if the default principal database
+  isn't there if it looks like we might be using the kldap plugin
+- kadmind.init: attempt to extract the key for the host-specific kadmin
+  service when we try to create the keytab
+
 * Wed May 16 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6-6
 - omit dependent libraries from the krb5-config --libs output, as using
   shared libraries (no more static libraries) makes them unnecessary and
@@ -1103,16 +1121,15 @@ installed on systems which are meant provide these services.
 %patch41 -p1 -b .login-lpass
 %patch44 -p1 -b .enospc
 %patch45 -p1 -b .gssinit
-%patch46 -p0 -b .kpasswd
 %if %{build_static}
 %patch47 -p1 -b .sort-of-static
 %endif
-%patch48 -p0 -b .CVE-2007-0956
-%patch49 -p0 -b .CVE-2007-0957
-%patch50 -p0 -b .CVE-2007-1216
 %patch51 -p0 -b .ldap_init
 %patch52 -p0 -b .ldap_man
 %patch53 -p1 -b .nodeplibs
+#%patch55 -p1 -b .empty
+%patch56 -p0 -b .get_opt_fixup
+%patch57 -p1 -b .ftp-nospew
 cp src/krb524/README README.krb524
 gzip doc/*.ps
author	Nalin Dahyabhai <nalin@fedoraproject.org>	2007-06-27 18:14:25 +0000
committer	Nalin Dahyabhai <nalin@fedoraproject.org>	2007-06-27 18:14:25 +0000
commit	81f5873fea01d291cb5457d77e947c551d964609 (patch)
tree	c70683e6e56d46fcb9963bf02b1d0fd43a550c9a
parent	f62a0ae0e9f69bce97a4b82c0ac8480397a68083 (diff)
download	krb5-81f5873fea01d291cb5457d77e947c551d964609.tar.gz krb5-81f5873fea01d291cb5457d77e947c551d964609.tar.xz krb5-81f5873fea01d291cb5457d77e947c551d964609.zip