From 26f8bba482dd7c297127c5605c84beafa47f2fe5ed38ac04a0ce1b581077b0a2 Mon Sep 17 00:00:00 2001 From: Michael Calmer Date: Wed, 21 Apr 2010 08:32:07 +0000 Subject: [PATCH 1/3] - fix a double free vulnerability in the KDC CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=21 --- krb5-1.7-MITKRB5-SA-2010-004.dif | 20 ++++++++++++++++++ krb5-doc.spec | 2 +- krb5-mini.changes | 6 ++++++ krb5-mini.spec | 36 +++++++++++++++++--------------- krb5.changes | 6 ++++++ krb5.spec | 34 ++++++++++++++++-------------- 6 files changed, 70 insertions(+), 34 deletions(-) create mode 100644 krb5-1.7-MITKRB5-SA-2010-004.dif diff --git a/krb5-1.7-MITKRB5-SA-2010-004.dif b/krb5-1.7-MITKRB5-SA-2010-004.dif new file mode 100644 index 0000000..cae64a7 --- /dev/null +++ b/krb5-1.7-MITKRB5-SA-2010-004.dif @@ -0,0 +1,20 @@ +Index: krb5-1.8.1/src/kdc/do_tgs_req.c +=================================================================== +--- krb5-1.8.1.orig/src/kdc/do_tgs_req.c ++++ krb5-1.8.1/src/kdc/do_tgs_req.c +@@ -543,6 +543,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + clear(enc_tkt_reply.flags, TKT_FLG_INVALID); + } + +@@ -554,6 +555,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + + old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime; + diff --git a/krb5-doc.spec b/krb5-doc.spec index 63e4b59..e7fae99 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -21,7 +21,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive Version: 1.8.1 -Release: 1 +Release: 2 %define srcRoot krb5-1.8.1 Summary: MIT Kerberos5 Implementation--Documentation License: MIT License (or similar) diff --git a/krb5-mini.changes b/krb5-mini.changes index 11e8703..32d8015 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de + +- fix a double free vulnerability in the KDC + CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) + ------------------------------------------------------------------- Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de diff --git a/krb5-mini.spec b/krb5-mini.spec index 09d5318..4be3300 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5-mini (Version 1.8.1) +# spec file for package krb5 (Version 1.8.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 1 +Release: 2 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -47,14 +47,15 @@ Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc Source10: krb5-1.7-manpaths.txt -Patch2: krb5-1.6.1-compile_pie.dif -Patch20: krb5-1.6.3-kprop-use-mkstemp.dif -Patch30: krb5-1.7-manpaths.dif -Patch32: krb5-1.4.3-enospc.dif -Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch41: krb5-1.6.3-kpasswd_tcp.patch -Patch44: krb5-1.6.3-ktutil-manpage.dif -Patch46: krb5-1.6.3-fix-ipv6-query.dif +Patch1: krb5-1.6.1-compile_pie.dif +Patch2: krb5-1.6.3-kprop-use-mkstemp.dif +Patch3: krb5-1.7-manpaths.dif +Patch4: krb5-1.4.3-enospc.dif +Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch6: krb5-1.6.3-kpasswd_tcp.patch +Patch7: krb5-1.6.3-ktutil-manpage.dif +Patch8: krb5-1.6.3-fix-ipv6-query.dif +Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -194,14 +195,15 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} +%patch1 %patch2 -%patch20 -%patch30 -p1 -%patch32 -p1 -%patch34 -p1 -%patch41 -%patch44 -p1 -%patch46 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do diff --git a/krb5.changes b/krb5.changes index 11e8703..32d8015 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de + +- fix a double free vulnerability in the KDC + CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) + ------------------------------------------------------------------- Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index ec8384f..b0de780 100644 --- a/krb5.spec +++ b/krb5.spec @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 1 +Release: 2 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -47,14 +47,15 @@ Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc Source10: krb5-1.7-manpaths.txt -Patch2: krb5-1.6.1-compile_pie.dif -Patch20: krb5-1.6.3-kprop-use-mkstemp.dif -Patch30: krb5-1.7-manpaths.dif -Patch32: krb5-1.4.3-enospc.dif -Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch41: krb5-1.6.3-kpasswd_tcp.patch -Patch44: krb5-1.6.3-ktutil-manpage.dif -Patch46: krb5-1.6.3-fix-ipv6-query.dif +Patch1: krb5-1.6.1-compile_pie.dif +Patch2: krb5-1.6.3-kprop-use-mkstemp.dif +Patch3: krb5-1.7-manpaths.dif +Patch4: krb5-1.4.3-enospc.dif +Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch6: krb5-1.6.3-kpasswd_tcp.patch +Patch7: krb5-1.6.3-ktutil-manpage.dif +Patch8: krb5-1.6.3-fix-ipv6-query.dif +Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -194,14 +195,15 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} +%patch1 %patch2 -%patch20 -%patch30 -p1 -%patch32 -p1 -%patch34 -p1 -%patch41 -%patch44 -p1 -%patch46 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do From 8eb1b656d3bfdfc12e21000e7bd2167f57101cf24526869b9cea3bd3a007d712 Mon Sep 17 00:00:00 2001 From: OBS User autobuild Date: Fri, 23 Apr 2010 17:17:37 +0000 Subject: [PATCH 2/3] Accepting request 38408 from network checked in (request 38408) OBS-URL: https://build.opensuse.org/request/show/38408 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=22 --- krb5-1.7-MITKRB5-SA-2010-004.dif | 20 ------------------ krb5-doc.spec | 2 +- krb5-mini.changes | 6 ------ krb5-mini.spec | 36 +++++++++++++++----------------- krb5.changes | 6 ------ krb5.spec | 34 ++++++++++++++---------------- 6 files changed, 34 insertions(+), 70 deletions(-) delete mode 100644 krb5-1.7-MITKRB5-SA-2010-004.dif diff --git a/krb5-1.7-MITKRB5-SA-2010-004.dif b/krb5-1.7-MITKRB5-SA-2010-004.dif deleted file mode 100644 index cae64a7..0000000 --- a/krb5-1.7-MITKRB5-SA-2010-004.dif +++ /dev/null @@ -1,20 +0,0 @@ -Index: krb5-1.8.1/src/kdc/do_tgs_req.c -=================================================================== ---- krb5-1.8.1.orig/src/kdc/do_tgs_req.c -+++ krb5-1.8.1/src/kdc/do_tgs_req.c -@@ -543,6 +543,7 @@ tgt_again: - to the caller */ - ticket_reply = *(header_ticket); - enc_tkt_reply = *(header_ticket->enc_part2); -+ enc_tkt_reply.authorization_data = NULL; - clear(enc_tkt_reply.flags, TKT_FLG_INVALID); - } - -@@ -554,6 +555,7 @@ tgt_again: - to the caller */ - ticket_reply = *(header_ticket); - enc_tkt_reply = *(header_ticket->enc_part2); -+ enc_tkt_reply.authorization_data = NULL; - - old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime; - diff --git a/krb5-doc.spec b/krb5-doc.spec index e7fae99..63e4b59 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -21,7 +21,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive Version: 1.8.1 -Release: 2 +Release: 1 %define srcRoot krb5-1.8.1 Summary: MIT Kerberos5 Implementation--Documentation License: MIT License (or similar) diff --git a/krb5-mini.changes b/krb5-mini.changes index 32d8015..11e8703 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de - -- fix a double free vulnerability in the KDC - CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) - ------------------------------------------------------------------- Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de diff --git a/krb5-mini.spec b/krb5-mini.spec index 4be3300..09d5318 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5 (Version 1.8.1) +# spec file for package krb5-mini (Version 1.8.1) # # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 2 +Release: 1 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -47,15 +47,14 @@ Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc Source10: krb5-1.7-manpaths.txt -Patch1: krb5-1.6.1-compile_pie.dif -Patch2: krb5-1.6.3-kprop-use-mkstemp.dif -Patch3: krb5-1.7-manpaths.dif -Patch4: krb5-1.4.3-enospc.dif -Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch6: krb5-1.6.3-kpasswd_tcp.patch -Patch7: krb5-1.6.3-ktutil-manpage.dif -Patch8: krb5-1.6.3-fix-ipv6-query.dif -Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif +Patch2: krb5-1.6.1-compile_pie.dif +Patch20: krb5-1.6.3-kprop-use-mkstemp.dif +Patch30: krb5-1.7-manpaths.dif +Patch32: krb5-1.4.3-enospc.dif +Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch41: krb5-1.6.3-kpasswd_tcp.patch +Patch44: krb5-1.6.3-ktutil-manpage.dif +Patch46: krb5-1.6.3-fix-ipv6-query.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -195,15 +194,14 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -%patch1 %patch2 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 +%patch20 +%patch30 -p1 +%patch32 -p1 +%patch34 -p1 +%patch41 +%patch44 -p1 +%patch46 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do diff --git a/krb5.changes b/krb5.changes index 32d8015..11e8703 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,9 +1,3 @@ -------------------------------------------------------------------- -Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de - -- fix a double free vulnerability in the KDC - CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) - ------------------------------------------------------------------- Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index b0de780..ec8384f 100644 --- a/krb5.spec +++ b/krb5.spec @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 2 +Release: 1 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -47,15 +47,14 @@ Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc Source10: krb5-1.7-manpaths.txt -Patch1: krb5-1.6.1-compile_pie.dif -Patch2: krb5-1.6.3-kprop-use-mkstemp.dif -Patch3: krb5-1.7-manpaths.dif -Patch4: krb5-1.4.3-enospc.dif -Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch6: krb5-1.6.3-kpasswd_tcp.patch -Patch7: krb5-1.6.3-ktutil-manpage.dif -Patch8: krb5-1.6.3-fix-ipv6-query.dif -Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif +Patch2: krb5-1.6.1-compile_pie.dif +Patch20: krb5-1.6.3-kprop-use-mkstemp.dif +Patch30: krb5-1.7-manpaths.dif +Patch32: krb5-1.4.3-enospc.dif +Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch41: krb5-1.6.3-kpasswd_tcp.patch +Patch44: krb5-1.6.3-ktutil-manpage.dif +Patch46: krb5-1.6.3-fix-ipv6-query.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -195,15 +194,14 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -%patch1 %patch2 -%patch3 -p1 -%patch4 -p1 -%patch5 -p1 -%patch6 -%patch7 -p1 -%patch8 -p1 -%patch9 -p1 +%patch20 +%patch30 -p1 +%patch32 -p1 +%patch34 -p1 +%patch41 +%patch44 -p1 +%patch46 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do From b4fda1ea93142d5214b0fa2afc1bccd5e024ce14d6bd9f3c7d88e13cd6fdd109 Mon Sep 17 00:00:00 2001 From: OBS User buildservice-autocommit Date: Fri, 23 Apr 2010 17:17:38 +0000 Subject: [PATCH 3/3] Updating link to change in openSUSE:Factory/krb5 revision 50.0 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=9e2221a1d23355de5bbe8ae3fe775e8d --- krb5-1.7-MITKRB5-SA-2010-004.dif | 20 +++++++++++++++++++ krb5-doc.spec | 2 +- krb5-mini.changes | 6 ++++++ krb5-mini.spec | 34 +++++++++++++++++--------------- krb5.changes | 6 ++++++ krb5.spec | 34 +++++++++++++++++--------------- 6 files changed, 69 insertions(+), 33 deletions(-) create mode 100644 krb5-1.7-MITKRB5-SA-2010-004.dif diff --git a/krb5-1.7-MITKRB5-SA-2010-004.dif b/krb5-1.7-MITKRB5-SA-2010-004.dif new file mode 100644 index 0000000..cae64a7 --- /dev/null +++ b/krb5-1.7-MITKRB5-SA-2010-004.dif @@ -0,0 +1,20 @@ +Index: krb5-1.8.1/src/kdc/do_tgs_req.c +=================================================================== +--- krb5-1.8.1.orig/src/kdc/do_tgs_req.c ++++ krb5-1.8.1/src/kdc/do_tgs_req.c +@@ -543,6 +543,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + clear(enc_tkt_reply.flags, TKT_FLG_INVALID); + } + +@@ -554,6 +555,7 @@ tgt_again: + to the caller */ + ticket_reply = *(header_ticket); + enc_tkt_reply = *(header_ticket->enc_part2); ++ enc_tkt_reply.authorization_data = NULL; + + old_life = enc_tkt_reply.times.endtime - enc_tkt_reply.times.starttime; + diff --git a/krb5-doc.spec b/krb5-doc.spec index 63e4b59..e7fae99 100644 --- a/krb5-doc.spec +++ b/krb5-doc.spec @@ -21,7 +21,7 @@ Name: krb5-doc BuildRequires: ghostscript-library latex2html texlive Version: 1.8.1 -Release: 1 +Release: 2 %define srcRoot krb5-1.8.1 Summary: MIT Kerberos5 Implementation--Documentation License: MIT License (or similar) diff --git a/krb5-mini.changes b/krb5-mini.changes index 11e8703..32d8015 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de + +- fix a double free vulnerability in the KDC + CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) + ------------------------------------------------------------------- Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de diff --git a/krb5-mini.spec b/krb5-mini.spec index 09d5318..6162c53 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 1 +Release: 2 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -47,14 +47,15 @@ Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc Source10: krb5-1.7-manpaths.txt -Patch2: krb5-1.6.1-compile_pie.dif -Patch20: krb5-1.6.3-kprop-use-mkstemp.dif -Patch30: krb5-1.7-manpaths.dif -Patch32: krb5-1.4.3-enospc.dif -Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch41: krb5-1.6.3-kpasswd_tcp.patch -Patch44: krb5-1.6.3-ktutil-manpage.dif -Patch46: krb5-1.6.3-fix-ipv6-query.dif +Patch1: krb5-1.6.1-compile_pie.dif +Patch2: krb5-1.6.3-kprop-use-mkstemp.dif +Patch3: krb5-1.7-manpaths.dif +Patch4: krb5-1.4.3-enospc.dif +Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch6: krb5-1.6.3-kpasswd_tcp.patch +Patch7: krb5-1.6.3-ktutil-manpage.dif +Patch8: krb5-1.6.3-fix-ipv6-query.dif +Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -194,14 +195,15 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} +%patch1 %patch2 -%patch20 -%patch30 -p1 -%patch32 -p1 -%patch34 -p1 -%patch41 -%patch44 -p1 -%patch46 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do diff --git a/krb5.changes b/krb5.changes index 11e8703..32d8015 100644 --- a/krb5.changes +++ b/krb5.changes @@ -1,3 +1,9 @@ +------------------------------------------------------------------- +Wed Apr 14 11:36:32 CEST 2010 - mc@suse.de + +- fix a double free vulnerability in the KDC + CVE-2010-1320, MITKRB5-SA-2010-004 (bnc#596002) + ------------------------------------------------------------------- Fri Apr 9 12:43:44 CEST 2010 - mc@suse.de diff --git a/krb5.spec b/krb5.spec index ec8384f..b0de780 100644 --- a/krb5.spec +++ b/krb5.spec @@ -28,7 +28,7 @@ Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel Version: 1.8.1 -Release: 1 +Release: 2 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel # bug437293 @@ -47,14 +47,15 @@ Source1: vendor-files.tar.bz2 Source2: baselibs.conf Source5: krb5-%{version}-rpmlintrc Source10: krb5-1.7-manpaths.txt -Patch2: krb5-1.6.1-compile_pie.dif -Patch20: krb5-1.6.3-kprop-use-mkstemp.dif -Patch30: krb5-1.7-manpaths.dif -Patch32: krb5-1.4.3-enospc.dif -Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif -Patch41: krb5-1.6.3-kpasswd_tcp.patch -Patch44: krb5-1.6.3-ktutil-manpage.dif -Patch46: krb5-1.6.3-fix-ipv6-query.dif +Patch1: krb5-1.6.1-compile_pie.dif +Patch2: krb5-1.6.3-kprop-use-mkstemp.dif +Patch3: krb5-1.7-manpaths.dif +Patch4: krb5-1.4.3-enospc.dif +Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif +Patch6: krb5-1.6.3-kpasswd_tcp.patch +Patch7: krb5-1.6.3-ktutil-manpage.dif +Patch8: krb5-1.6.3-fix-ipv6-query.dif +Patch9: krb5-1.7-MITKRB5-SA-2010-004.dif BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -194,14 +195,15 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} +%patch1 %patch2 -%patch20 -%patch30 -p1 -%patch32 -p1 -%patch34 -p1 -%patch41 -%patch44 -p1 -%patch46 -p1 +%patch3 -p1 +%patch4 -p1 +%patch5 -p1 +%patch6 +%patch7 -p1 +%patch8 -p1 +%patch9 -p1 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do