author | Nalin Dahyabhai <nalin@fedoraproject.org> | 2007-06-27 18:14:25 +0000 |
---|---|---|
committer | Nalin Dahyabhai <nalin@fedoraproject.org> | 2007-06-27 18:14:25 +0000 |
commit | 81f5873fea01d291cb5457d77e947c551d964609 (patch) | |
tree | c70683e6e56d46fcb9963bf02b1d0fd43a550c9a | |
parent | f62a0ae0e9f69bce97a4b82c0ac8480397a68083 (diff) | |
download | krb5-81f5873fea01d291cb5457d77e947c551d964609.tar.gz krb5-81f5873fea01d291cb5457d77e947c551d964609.tar.xz krb5-81f5873fea01d291cb5457d77e947c551d964609.zip |
- pull up 1.6.1-2 from the devel branch
-rwxr-xr-x | kadmind.init | 9 | ||||
-rw-r--r-- | krb5-1.6-manpage-paths.patch | 142 | ||||
-rw-r--r-- | krb5-1.6.1-empty.patch | 224 | ||||
-rw-r--r-- | krb5-1.6.1-ftp-nospew.patch | 50 | ||||
-rw-r--r-- | krb5-1.6.1-get_opt_fixup.patch | 41 | ||||
-rw-r--r-- | krb5.spec | 39 |
6 files changed, 493 insertions, 12 deletions
diff --git a/kadmind.init b/kadmind.init
index 2b22a77..8c7e108 100755
--- a/kadmind.init
+++ b/kadmind.init
@@ -30,7 +30,11 @@ RETVAL=0
 # Shell functions to cut down on useless shell instances.
 start() {
 if [ ! -f /var/kerberos/krb5kdc/principal ] ; then
- echo $"Error. Default principal database does not exist."
+ # Make an educated guess -- if they're using kldap somewhere,
+ # then we don't know for sure that this is an error.
+ if [ ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ] ; then
+ echo $"Error. Default principal database does not exist."
+ fi
 exit 0
 fi
 if [ -f /var/kerberos/krb5kdc/kpropd.acl ] ; then
@@ -39,7 +43,10 @@ start() {
 else
 if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then
 echo -n $"Extracting kadm5 Service Keys: "
+ # This should always work.
 /usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure
+ # It's probably okay if this fails.
+ /usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/`hostname`${KRB5REALM:+@$KRB5REALM}" 2> /dev/null && success
 echo
 fi
 fi
diff --git a/krb5-1.6-manpage-paths.patch b/krb5-1.6-manpage-paths.patch
new file mode 100644
index 0000000..dda7e3f
--- /dev/null
+++ b/krb5-1.6-manpage-paths.patch
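Review bot: The added test `[ ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ]` in the first kadmind.init hunk never runs grep, because inside `[ ]` the words are operands of `test`, which reports an error and returns non-zero. As a result the "Default principal database does not exist" message is suppressed on every host, whether or not kldap is configured. Run the command directly instead: `if ! grep -q 'db_library.*=.*kldap' /etc/krb5.conf ; then`. The `exit 0` that follows still reports success when no database is found, so once the message is gone nothing tells the operator that kadmind did not start. The body of `start()` continues outside the hunk.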
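Review bot: The host-specific `ktadd` added in the second kadmind.init hunk sends stderr to /dev/null and has no failure branch, so a keytab that lacks the `kadmin/<host>` key leaves no trace for whoever later debugs kadmin authentication. The comment `# It's probably okay if this fails.` should say when it is expected to fail and what stops working if it does. `hostname` may print a short name where the principal presumably needs the fully-qualified one, which should be confirmed, and `$(hostname)` is preferable to backticks. When both commands succeed, `success` is printed twice on the same status line. The enclosing `start()` begins and ends outside the hunk.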
@@ -0,0 +1,142 @@
+--- krb5-1.3/src/appl/bsd/klogind.M
++++ krb5-1.3/src/appl/bsd/klogind.M
+@@ -27,7 +27,7 @@
+ the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
+ configuration line for \fIklogind\fP might be:
+
+-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
++klogin stream tcp nowait root /usr/kerberos/sbin/klogind klogind -e5c
+
+ When a service request is received, the following protocol is initiated:
+
+--- krb5-1.3/src/appl/bsd/kshd.M
++++ krb5-1.3/src/appl/bsd/kshd.M
+@@ -8,7 +8,7 @@
+ .SH NAME
+ kshd \- kerberized remote shell server
+ .SH SYNOPSIS
+-.B /usr/local/sbin/kshd
++.B /usr/kerberos/sbin/kshd
+ [
+ .B \-kr45ec
+ ]
+@@ -30,7 +30,7 @@
+ on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
+ configuration line for \fIkrshd\fP might be:
+
+-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
++kshell stream tcp nowait root /usr/kerberos/sbin/kshd kshd -5c
+
+ When a service request is received, the following protocol is initiated:
+
+--- krb5-1.3/src/appl/sample/sserver/sserver.M
++++ krb5-1.3/src/appl/sample/sserver/sserver.M
+@@ -59,7 +59,7 @@
+ using a line in
+ /etc/inetd.conf that looks like this:
+ .PP
+-sample stream tcp nowait root /usr/local/sbin/sserver sserver
++sample stream tcp nowait root /usr/kerberos/sbin/sserver sserver
+ .PP
+ Since \fBsample\fP is normally not a port defined in /etc/services, you will
+ usually have to add a line to /etc/services which looks like this:
+--- krb5-1.3/src/appl/telnet/telnetd/telnetd.8
++++ krb5-1.3/src/appl/telnet/telnetd/telnetd.8
+@@ -37,7 +37,7 @@
+ .SM DARPA TELNET
+ protocol server
+ .SH SYNOPSIS
+-.B /usr/libexec/telnetd
++.B /usr/kerberos/sbin/telnetd
+ [\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
+ [\fB\-edebug\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
+ [\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
+--- krb5-1.3/src/config-files/kdc.conf.M
++++ krb5-1.3/src/config-files/kdc.conf.M
+@@ -235,7 +235,7 @@
+ realm names and the [capaths] section of its krb5.conf file
+
+ .SH FILES
+-/usr/local/var/krb5kdc/kdc.conf
++/var/kerberos/krb5kdc/kdc.conf
+
+ .SH SEE ALSO
+ krb5.conf(5), krb5kdc(8)
+--- krb5-1.3/src/kadmin/cli/kadmin.M
++++ krb5-1.3/src/kadmin/cli/kadmin.M
+@@ -733,9 +733,9 @@
+ .RS
+ .TP
+ EXAMPLE:
+-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
++kadmin: ktremove -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin
+ Entry for principal kadmin/admin with kvno 3 removed
+- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
++ from keytab WRFILE:/var/kerberos/krb5kdc/kadm5.keytab.
+ kadmin:
+ .RE
+ .fi
+--- krb5-1.3/src/slave/kprop.M
++++ krb5-1.3/src/slave/kprop.M
+@@ -39,7 +39,7 @@
+ This is done by transmitting the dumped database file to the slave
+ server over an encrypted, secure channel. The dump file must be created
+ by kdb5_util, and is normally KPROP_DEFAULT_FILE
+-(/usr/local/var/krb5kdc/slave_datatrans).
++(/var/kerberos/krb5kdc/slave_datatrans).
+ .SH OPTIONS
+ .TP
+ \fB\-r\fP \fIrealm\fP
+@@ -51,7 +51,7 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ found; by default the dumped database file is KPROP_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/slave_datatrans).
++(normally /var/kerberos/krb5kdc/slave_datatrans).
+ .TP
+ \fB\-P\fP \fIport\fP
+ specifies the port to use to contact the
+--- krb5-1.3/src/slave/kpropd.M
++++ krb5-1.3/src/slave/kpropd.M
+@@ -69,7 +69,7 @@
+ This is done by adding a line to the inetd.conf file which looks like
+ this:
+
+-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
++kprop stream tcp nowait root /usr/kerberos/sbin/kpropd kpropd
+
+ However, kpropd can also run as a standalone deamon, if the
+ .B \-S
+@@ -87,13 +87,13 @@
+ \fB\-f\fP \fIfile\fP
+ specifies the filename where the dumped principal database file is to be
+ stored; by default the dumped database file is KPROPD_DEFAULT_FILE
+-(normally /usr/local/var/krb5kdc/from_master).
++(normally /var/kerberos/krb5kdc/from_master).
+ .TP
+ .B \-p
+ allows the user to specify the pathname to the
+ .IR kdb5_util (8)
+ program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
+-(normally /usr/local/sbin/kdb5_util).
++(normally /usr/kerberos/sbin/kdb5_util).
+ .TP
+ .B \-S
+ turn on standalone mode. Normally, kpropd is invoked out of
+@@ -124,14 +124,14 @@
+ allows the user to specify the path to the
+ .KR kpropd.acl
+ file; by default the path used is KPROPD_ACL_FILE
+-(normally /usr/local/var/krb5kdc/kpropd.acl).
++(normally /var/kerberos/krb5kdc/kpropd.acl).
+ .SH FILES
+ .TP "\w'kpropd.acl\ \ 'u"
+ kpropd.acl
+ Access file for
+ .BR kpropd ;
+ the default location is KPROPD_ACL_FILE (normally
+-/usr/local/var/krb5kdc/kpropd.acl).
++/var/kerberos/krb5kdc/kpropd.acl).
+ Each entry is a line containing the principal of a host from which the
+ local machine will allow Kerberos database propagation via kprop.
+ .SH SEE ALSO
diff --git a/krb5-1.6.1-empty.patch b/krb5-1.6.1-empty.patch
new file mode 100644
index 0000000..cfd6b47
--- /dev/null
+++ b/krb5-1.6.1-empty.patch
@@ -0,0 +1,224 @@ +Treat empty values of KRB5CCNAME (and other variables which can't usefully +be set to empty values) as if they were not set. + +diff -ur krb5-1.6.1/src/appl/bsd/krshd.c krb5-1.6.1/src/appl/bsd/krshd.c +--- krb5-1.6.1/src/appl/bsd/krshd.c 2006-10-15 03:50:16.000000000 -0400 ++++ krb5-1.6.1/src/appl/bsd/krshd.c 2007-05-18 19:51:18.000000000 -0400 +@@ -1438,7 +1438,7 @@ + * child's environment. This can't really have + * a fixed position because tz may or may not be set. + */ +- if (getenv("KRB5CCNAME")) { ++ if (getenv("KRB5CCNAME") && getenv("KRB5CCNAME")[0]) { + int i; + char *buf2 = (char *)malloc(strlen(getenv("KRB5CCNAME")) + +strlen("KRB5CCNAME=")+1); +diff -ur krb5-1.6.1/src/appl/bsd/login.c krb5-1.6.1/src/appl/bsd/login.c +--- krb5-1.6.1/src/appl/bsd/login.c 2006-08-08 15:26:40.000000000 -0400 ++++ krb5-1.6.1/src/appl/bsd/login.c 2007-05-18 19:49:32.000000000 -0400 +@@ -528,7 +528,7 @@ + login_get_kconf(kcontext); + + /* Set up the credential cache environment variable */ +- if (!getenv(KRB5_ENV_CCNAME)) { ++ if (!getenv(KRB5_ENV_CCNAME) || !getenv(KRB5_ENV_CCNAME)[0]) { + sprintf(ccfile, "FILE:/tmp/krb5cc_p%ld", (long) getpid()); + setenv(KRB5_ENV_CCNAME, ccfile, 1); + krb5_cc_set_default_name(kcontext, ccfile); +@@ -1763,7 +1763,7 @@ + setenv ("TZ", tz, 1); + #endif + +- if (ccname) ++ if (ccname && ccname[0]) + setenv("KRB5CCNAME", ccname, 1); + + setenv("HOME", pwd->pw_dir, 1); +diff -ur krb5-1.6.1/src/appl/bsd/v4rcp.c krb5-1.6.1/src/appl/bsd/v4rcp.c +--- krb5-1.6.1/src/appl/bsd/v4rcp.c 2006-08-08 15:26:40.000000000 -0400 ++++ krb5-1.6.1/src/appl/bsd/v4rcp.c 2007-05-18 19:50:40.000000000 -0400 +@@ -1060,7 +1060,7 @@ + fprintf(stderr, "v4rcp: couldn't get local address (KRB5LOCALADDR)\n"); + exit(1); + } +- if ((envaddr = getenv("KRB5REMOTEADDR"))) { ++ if ((envaddr = getenv("KRB5REMOTEADDR")) && envaddr[0]) { + #ifdef HAVE_INET_ATON + inet_aton(envaddr, &foreign.sin_addr); + #else +@@ -1068,7 +1068,7 @@ + #endif + foreign.sin_family = 
AF_INET; + envaddr = getenv("KRB5REMOTEPORT"); +- if (envaddr) ++ if (envaddr && envaddr[0]) + foreign.sin_port = htons(atoi(envaddr)); + else + foreign.sin_port = 0; +diff -ur krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c +--- krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c 2006-12-01 16:27:28.000000000 -0500 ++++ krb5-1.6.1/src/appl/telnet/libtelnet/kerberos5.c 2007-05-18 19:48:51.000000000 -0400 +@@ -205,7 +205,7 @@ + return; + + ccname = getenv("KRB5CCNAME"); +- if (ccname) { ++ if (ccname && ccname[0]) { + retval = krb5_cc_resolve(telnet_context, ccname, &ccache); + if (!retval) + retval = krb5_cc_destroy(telnet_context, ccache); +diff -ur krb5-1.6.1/src/lib/kadm5/alt_prof.c krb5-1.6.1/src/lib/kadm5/alt_prof.c +--- krb5-1.6.1/src/lib/kadm5/alt_prof.c 2006-05-15 21:45:00.000000000 -0400 ++++ krb5-1.6.1/src/lib/kadm5/alt_prof.c 2007-05-18 19:17:53.000000000 -0400 +@@ -82,7 +82,8 @@ + if (i > 0) + krb5_config_len--; + if (envname == NULL +- || (kdc_config = getenv(envname)) == NULL) ++ || (kdc_config = getenv(envname)) == NULL ++ || (kdc_config[0] == '\0')) + kdc_config = fname; + if (kdc_config == NULL) + kdc_config_len = 0; +@@ -494,7 +495,8 @@ + !krb5_aprof_get_string(aprofile, hierarchy, TRUE, &svalue)) { + params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; + params.admin_keytab = svalue; +- } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME"))) { ++ } else if ((params.admin_keytab = (char *) getenv("KRB5_KTNAME")) && ++ (params.admin_keytab[0] != '\0')) { + params.admin_keytab = strdup(params.admin_keytab); + if (params.admin_keytab) + params.mask |= KADM5_CONFIG_ADMIN_KEYTAB; +diff -ur krb5-1.6.1/src/lib/krb4/g_cnffile.c krb5-1.6.1/src/lib/krb4/g_cnffile.c +--- krb5-1.6.1/src/lib/krb4/g_cnffile.c 2003-06-06 10:44:33.000000000 -0400 ++++ krb5-1.6.1/src/lib/krb4/g_cnffile.c 2007-05-18 19:57:48.000000000 -0400 +@@ -89,7 +89,7 @@ + + /* standard V4 override first */ + s = getenv("KRB_CONF"); +- if (s) 
cnffile = fopen(s,"r"); ++ if (s && s[0]) cnffile = fopen(s,"r"); + /* if that's wrong, use V5 config */ + if (!cnffile) cnffile = krb__v5_get_file("krb4_config"); + /* and if V5 config doesn't have it, go to hard-coded values */ +@@ -109,7 +109,7 @@ + + /* standard (not really) V4 override first */ + s = getenv("KRB_REALMS"); +- if (s) realmsfile = fopen(s,"r"); ++ if (s && s[0]) realmsfile = fopen(s,"r"); + if (!realmsfile) realmsfile = krb__v5_get_file("krb4_realms"); + if (!realmsfile) realmsfile = fopen(KRB_RLM_TRANS, "r"); + +diff -ur krb5-1.6.1/src/lib/krb4/tkt_string.c krb5-1.6.1/src/lib/krb4/tkt_string.c +--- krb5-1.6.1/src/lib/krb4/tkt_string.c 2006-03-11 17:23:28.000000000 -0500 ++++ krb5-1.6.1/src/lib/krb4/tkt_string.c 2007-05-18 19:57:57.000000000 -0400 +@@ -67,7 +67,7 @@ + + if (!*krb_ticket_string) { + env = getenv("KRBTKFILE"); +- if (env) { ++ if (env && env[0]) { + (void) strncpy(krb_ticket_string, env, + sizeof(krb_ticket_string)-1); + krb_ticket_string[sizeof(krb_ticket_string)-1] = '\0'; +diff -ur krb5-1.6.1/src/lib/krb5/ccache/cccursor.c krb5-1.6.1/src/lib/krb5/ccache/cccursor.c +--- krb5-1.6.1/src/lib/krb5/ccache/cccursor.c 2006-11-07 15:18:31.000000000 -0500 ++++ krb5-1.6.1/src/lib/krb5/ccache/cccursor.c 2007-05-18 19:19:11.000000000 -0400 +@@ -136,7 +136,7 @@ + /* fall through */ + case CCCURSOR_ENV: + name = getenv(KRB5_ENV_CCNAME); +- if (name != NULL) { ++ if ((name != NULL) && (name[0] != '\0')) { + cursor->pos = CCCURSOR_OS; + ret = cccol_do_resolve(context, cursor, name, ccache); + if (ret) +diff -ur krb5-1.6.1/src/lib/krb5/os/ccdefname.c krb5-1.6.1/src/lib/krb5/os/ccdefname.c +--- krb5-1.6.1/src/lib/krb5/os/ccdefname.c 2007-03-29 20:36:20.000000000 -0400 ++++ krb5-1.6.1/src/lib/krb5/os/ccdefname.c 2007-05-18 18:32:20.000000000 -0400 +@@ -292,7 +292,7 @@ + /* try the environment variable first */ + new_ccname = getenv(KRB5_ENV_CCNAME); + +- if (new_ccname == NULL) { ++ if ((new_ccname == NULL) || (new_ccname[0] == '\0')) { + /* fall 
back on the default ccache name for the OS */ + new_ccname = new_ccbuf; + err = get_from_os (new_ccbuf, sizeof (new_ccbuf)); +diff -ur krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c +--- krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c 2007-04-10 17:51:46.000000000 -0400 ++++ krb5-1.6.1/src/lib/krb5/os/init_os_ctx.c 2007-05-18 18:32:20.000000000 -0400 +@@ -196,7 +196,7 @@ + if (!secure) + { + char *env = getenv("KRB5_CONFIG"); +- if (env) ++ if (env && env[0]) + { + name = malloc(strlen(env) + 1); + if (!name) return ENOMEM; +@@ -250,7 +250,7 @@ + filepath = DEFAULT_SECURE_PROFILE_PATH; + } else { + filepath = getenv("KRB5_CONFIG"); +- if (!filepath) filepath = DEFAULT_PROFILE_PATH; ++ if (!filepath || !(filepath[0])) filepath = DEFAULT_PROFILE_PATH; + } + + /* count the distinct filename components */ +@@ -297,7 +297,7 @@ + profile_filespec_t *newfiles; + + file = getenv(KDC_PROFILE_ENV); +- if (file == NULL) ++ if ((file == NULL) || (file[0] == '\0')) + file = DEFAULT_KDC_PROFILE; + + for (count = 0; (*pfiles)[count]; count++) +diff -ur krb5-1.6.1/src/lib/krb5/os/ktdefname.c krb5-1.6.1/src/lib/krb5/os/ktdefname.c +--- krb5-1.6.1/src/lib/krb5/os/ktdefname.c 2002-09-03 15:29:37.000000000 -0400 ++++ krb5-1.6.1/src/lib/krb5/os/ktdefname.c 2007-05-18 19:19:28.000000000 -0400 +@@ -47,7 +47,7 @@ + return KRB5_CONFIG_NOTENUFSPACE; + strcpy(name, krb5_overridekeyname); + } else if ((context->profile_secure == FALSE) && +- (cp = getenv("KRB5_KTNAME"))) { ++ (cp = getenv("KRB5_KTNAME")) && (cp[0] != '\0')) { + if ((size_t) namesize < (strlen(cp)+1)) + return KRB5_CONFIG_NOTENUFSPACE; + strcpy(name, cp); +diff -ur krb5-1.6.1/src/lib/krb5/rcache/rc_base.c krb5-1.6.1/src/lib/krb5/rcache/rc_base.c +--- krb5-1.6.1/src/lib/krb5/rcache/rc_base.c 2006-06-08 16:01:44.000000000 -0400 ++++ krb5-1.6.1/src/lib/krb5/rcache/rc_base.c 2007-05-18 19:18:48.000000000 -0400 +@@ -94,7 +94,7 @@ + char * krb5_rc_default_type(krb5_context context) + { + char *s; +- if 
((s = getenv("KRB5RCACHETYPE"))) ++ if ((s = getenv("KRB5RCACHETYPE")) && (s[0] != '\0')) + return s; + else + return "dfl"; +@@ -103,7 +103,7 @@ + char * krb5_rc_default_name(krb5_context context) + { + char *s; +- if ((s = getenv("KRB5RCACHENAME"))) ++ if ((s = getenv("KRB5RCACHENAME")) && (s[0] != '\0')) + return s; + else + return (char *) 0; +diff -ur krb5-1.6.1/src/lib/krb5/rcache/rc_io.c krb5-1.6.1/src/lib/krb5/rcache/rc_io.c +--- krb5-1.6.1/src/lib/krb5/rcache/rc_io.c 2006-12-18 18:11:28.000000000 -0500 ++++ krb5-1.6.1/src/lib/krb5/rcache/rc_io.c 2007-05-18 18:32:20.000000000 -0400 +@@ -47,7 +47,7 @@ + { + char *dir; + +- if (!(dir = getenv("KRB5RCACHEDIR"))) { ++ if (!(dir = getenv("KRB5RCACHEDIR")) || !dir[0]) { + #if defined(_WIN32) + if (!(dir = getenv("TEMP"))) + if (!(dir = getenv("TMP"))) diff --git a/krb5-1.6.1-ftp-nospew.patch b/krb5-1.6.1-ftp-nospew.patch new file mode 100644 index 0000000..f72f0ec --- /dev/null +++ b/krb5-1.6.1-ftp-nospew.patch 
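Review bot: In the alt_prof.c part of krb5-1.6.1-empty.patch the new condition `(params.admin_keytab = (char *) getenv("KRB5_KTNAME")) && (params.admin_keytab[0] != '\0')` still assigns before it tests. An empty KRB5_KTNAME therefore leaves `params.admin_keytab` pointing at the environment string rather than a strdup'd copy, unless the branch that follows, which is outside the hunk, overwrites it. Reading the variable into a temporary and assigning the field only inside the branch, `kt = getenv("KRB5_KTNAME")` tested as `kt != NULL && kt[0] != '\0'`, avoids relying on that. The other assign-then-test sites in this patch (ktdefname.c, rc_base.c, rc_io.c, v4rcp.c) write to locals, so the same pattern looks harmless there.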
@@ -0,0 +1,50 @@
+diff -uNr krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c krb5-1-6/src/appl/gssftp/ftp/cmds.c
+--- krb5-1-6-1-final/src/appl/gssftp/ftp/cmds.c 2007-05-24 11:19:27.000000000 -0400
++++ krb5-1-6/src/appl/gssftp/ftp/cmds.c 2007-05-24 11:17:37.000000000 -0400
+@@ -168,9 +168,7 @@
+ }
+ port = htons(iport);
+ }
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ host = hookup(argv[1], port);
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ if (host) {
+ int overbose;
+
+@@ -185,28 +183,20 @@
+ mode = MODE_S;
+ stru = STRU_F;
+ (void) strcpy(bytename, "8"), bytesize = 8;
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ if (autoauth) {
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ if (do_auth() && autoencrypt) {
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ clevel = PROT_P;
+ setpbsz(1<<20);
+ if (command("PROT P") == COMPLETE)
+ dlevel = PROT_P;
+ else
+ fprintf(stderr, "ftp: couldn't enable encryption\n");
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ }
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ if(auth_type && clevel == PROT_C)
+ clevel = PROT_S;
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ if(autologin)
+ (void) login(argv[1]);
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ }
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+
+ #ifndef unix
+ /* sigh */
+@@ -221,7 +211,6 @@
+ * this ifdef is to keep someone form "porting" this to an incompatible
+ * system and not checking this out. This way they have to think about it.
+ */
+-printf("%s: at line %d\n", __FILE__, __LINE__);
+ overbose = verbose;
+ if (debug == 0)
+ verbose = -1;
diff --git a/krb5-1.6.1-get_opt_fixup.patch b/krb5-1.6.1-get_opt_fixup.patch
new file mode 100644
index 0000000..a1880e0
--- /dev/null
+++ b/krb5-1.6.1-get_opt_fixup.patch
@@ -0,0 +1,41 @@ +Index: src/include/k5-int.h +=================================================================== +--- src/include/k5-int.h (revision 19537) ++++ src/include/k5-int.h (revision 19538) +@@ -1048,9 +1048,9 @@ + #define KRB5_GET_INIT_CREDS_OPT_SHADOWED 0x40000000 + + #define krb5_gic_opt_is_extended(s) \ +- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0) ++ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_EXTENDED) ? 1 : 0) + #define krb5_gic_opt_is_shadowed(s) \ +- (((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0) ++ ((s) && ((s)->flags & KRB5_GET_INIT_CREDS_OPT_SHADOWED) ? 1 : 0) + + + typedef struct _krb5_gic_opt_private { +Index: src/lib/krb5/krb/gic_opt.c +=================================================================== +--- src/lib/krb5/krb/gic_opt.c (revision 19537) ++++ src/lib/krb5/krb/gic_opt.c (revision 19538) +@@ -206,8 +206,18 @@ + oe = krb5int_gic_opte_alloc(context); + if (NULL == oe) + return ENOMEM; +- memcpy(oe, opt, sizeof(*opt)); +- /* Fix these -- overwritten by the copy */ ++ ++ if (opt) ++ memcpy(oe, opt, sizeof(*opt)); ++ ++ /* ++ * Fix the flags -- the EXTENDED flag would have been ++ * overwritten by the copy if there was one. The ++ * SHADOWED flag is necessary to ensure that the ++ * krb5_gic_opt_ext structure that was allocated ++ * here will be freed by the library because the ++ * application is unaware of its existence. ++ */ + oe->flags |= ( KRB5_GET_INIT_CREDS_OPT_EXTENDED | + KRB5_GET_INIT_CREDS_OPT_SHADOWED); + @@ -14,8 +14,8 @@ Summary: The Kerberos network authentication system. Name: krb5 -Version: 1.6 -Release: 6 +Version: 1.6.1 +Release: 2 # Maybe we should explode from the now-available-to-everybody tarball instead? # http://web.mit.edu/kerberos/dist/krb5/1.5/krb5-1.5-signed.tar Source0: krb5-%{version}.tar.gz 
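Review bot: In the gic_opt.c part of krb5-1.6.1-get_opt_fixup.patch, a NULL `opt` now skips the `memcpy`, so every field of `oe` except the two flags OR-ed in afterwards keeps whatever `krb5int_gic_opte_alloc` left there. That allocator is not visible in the hunk, so its zero-fill should be confirmed and recorded next to the guard, for example `/* NULL opt: oe keeps the zeroed defaults from krb5int_gic_opte_alloc() */`. If the allocator does not clear the structure, `oe->flags |= ...` ORs into indeterminate bits and the remaining option fields are read uninitialised. The enclosing function starts and ends outside the hunk.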
@@ -46,7 +46,7 @@ Source22: ekrb5-telnet.xinetd Source23: krb5-%{version}-pdf.tar.gz Source24: krb5-tex-pdf.sh -Patch2: krb5-1.3-manpage-paths.patch +Patch2: krb5-1.6-manpage-paths.patch Patch3: krb5-1.3-netkit-rsh.patch Patch4: krb5-1.3-rlogind-environ.patch Patch5: krb5-1.3-ksu-access.patch @@ -74,14 +74,13 @@ Patch40: krb5-1.4.1-telnet-environ.patch Patch41: krb5-1.2.7-login-lpass.patch Patch44: krb5-1.4.3-enospc.patch Patch45: krb5-1.5-gssinit.patch -Patch46: krb5-1.6-fix-sendto_kdc-memset.dif Patch47: krb5-1.6-sort-of-static.patch -Patch48: krb5-1.6-CVE-2007-0956-prelim.patch -Patch49: krb5-1.6-CVE-2007-0957-prelim.patch -Patch50: krb5-1.6-CVE-2007-1216-prelim.patch Patch51: krb5-1.6-ldap-init.patch Patch52: krb5-1.6-ldap-man.patch Patch53: krb5-1.6-nodeplibs.patch +Patch55: krb5-1.6.1-empty.patch +Patch56: krb5-1.6.1-get_opt_fixup.patch +Patch57: krb5-1.6.1-ftp-nospew.patch License: MIT, freely distributable. URL: http://web.mit.edu/kerberos/www/ 
@@ -196,6 +195,25 @@ installed on systems which are meant provide these services. %endif %changelog +* Wed Jun 27 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-2 +- pull up from devel HEAD's 1.6.1-2 + +* Thu May 24 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-2 +- pull patch from svn to undo unintentional chattiness in ftp +- pull patch from svn to handle NULL krb5_get_init_creds_opt structures + better in a couple of places where they're expected + +* Wed May 23 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6.1-1 +- update to 1.6.1 + - drop no-longer-needed patches for CVE-2007-0956,CVE-2007-0957,CVE-2007-1216 + - drop patch for sendto bug in 1.6, fixed in 1.6.1 + +* Fri May 18 2007 Nalin Dahyabhai <nalin@redhat.com> +- kadmind.init: don't fail outright if the default principal database + isn't there if it looks like we might be using the kldap plugin +- kadmind.init: attempt to extract the key for the host-specific kadmin + service when we try to create the keytab + * Wed May 16 2007 Nalin Dahyabhai <nalin@redhat.com> 1.6-6 - omit dependent libraries from the krb5-config --libs output, as using shared libraries (no more static libraries) makes them unnecessary and @@ -1103,16 +1121,15 @@ installed on systems which are meant provide these services. %patch41 -p1 -b .login-lpass %patch44 -p1 -b .enospc %patch45 -p1 -b .gssinit -%patch46 -p0 -b .kpasswd %if %{build_static} %patch47 -p1 -b .sort-of-static %endif -%patch48 -p0 -b .CVE-2007-0956 -%patch49 -p0 -b .CVE-2007-0957 -%patch50 -p0 -b .CVE-2007-1216 %patch51 -p0 -b .ldap_init %patch52 -p0 -b .ldap_man %patch53 -p1 -b .nodeplibs +#%patch55 -p1 -b .empty +%patch56 -p0 -b .get_opt_fixup +%patch57 -p1 -b .ftp-nospew cp src/krb524/README README.krb524 gzip doc/*.ps |
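Review bot: In the %prep hunk, `#%patch55 -p1 -b .empty` registers krb5-1.6.1-empty.patch as Patch55 but never applies it. The empty-environment-variable handling that patch adds is therefore absent from the built packages, and neither a comment nor the changelog says why. If it is held back on purpose, say so beside the line, e.g. `# Patch55 not applied yet: <reason>`. Because rpm may expand macros inside `#` comments, `#%%patch55` is the safer way to write a disabled entry. The same hunk drops the CVE-2007-0956, CVE-2007-0957 and CVE-2007-1216 patches on the changelog's statement that they are no longer needed with 1.6.1, which is worth verifying against the 1.6.1 sources.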