Dominique Leuenberger 2018-10-29 13:13:32 +00:00 committed by Git OBS Bridge
commit 6b8422d303
9 changed files with 184 additions and 104 deletions

View File

@ -31,9 +31,11 @@ The selabel APIs for looking up the context should be thread-safe (per
Red Hat #273081), so switching to using them instead of matchpathcon(), Red Hat #273081), so switching to using them instead of matchpathcon(),
which we used earlier, is some improvement. which we used earlier, is some improvement.
--- krb5-1.13.orig/src/aclocal.m4 Index: krb5-1.16.1/src/aclocal.m4
+++ krb5-1.13/src/aclocal.m4 ===================================================================
@@ -87,6 +87,7 @@ AC_SUBST_FILE(libnodeps_frag) --- krb5-1.16.1.orig/src/aclocal.m4
+++ krb5-1.16.1/src/aclocal.m4
@@ -89,6 +89,7 @@ AC_SUBST_FILE(libnodeps_frag)
dnl dnl
KRB5_AC_PRAGMA_WEAK_REF KRB5_AC_PRAGMA_WEAK_REF
WITH_LDAP WITH_LDAP
@ -41,7 +43,7 @@ which we used earlier, is some improvement.
KRB5_LIB_PARAMS KRB5_LIB_PARAMS
KRB5_AC_INITFINI KRB5_AC_INITFINI
KRB5_AC_ENABLE_THREADS KRB5_AC_ENABLE_THREADS
@@ -1738,3 +1739,51 @@ AC_SUBST(PAM_LIBS) @@ -1763,3 +1764,51 @@ AC_SUBST(PAM_LIBS)
AC_SUBST(PAM_MAN) AC_SUBST(PAM_MAN)
AC_SUBST(NON_PAM_MAN) AC_SUBST(NON_PAM_MAN)
])dnl ])dnl
@ -93,9 +95,11 @@ which we used earlier, is some improvement.
+LIBS="$old_LIBS" +LIBS="$old_LIBS"
+AC_SUBST(SELINUX_LIBS) +AC_SUBST(SELINUX_LIBS)
+])dnl +])dnl
--- krb5-1.13.orig/src/config/pre.in Index: krb5-1.16.1/src/config/pre.in
+++ krb5-1.13/src/config/pre.in ===================================================================
@@ -174,6 +174,7 @@ LD = $(PURE) @LD@ --- krb5-1.16.1.orig/src/config/pre.in
+++ krb5-1.16.1/src/config/pre.in
@@ -177,6 +177,7 @@ LD = $(PURE) @LD@
KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include KRB_INCLUDES = -I$(BUILDTOP)/include -I$(top_srcdir)/include
LDFLAGS = @LDFLAGS@ LDFLAGS = @LDFLAGS@
LIBS = @LIBS@ LIBS = @LIBS@
@ -103,7 +107,7 @@ which we used earlier, is some improvement.
INSTALL=@INSTALL@ INSTALL=@INSTALL@
INSTALL_STRIP= INSTALL_STRIP=
@@ -394,7 +395,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME) @@ -399,7 +400,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
# HESIOD_LIBS is -lhesiod... # HESIOD_LIBS is -lhesiod...
HESIOD_LIBS = @HESIOD_LIBS@ HESIOD_LIBS = @HESIOD_LIBS@
@ -111,10 +115,12 @@ which we used earlier, is some improvement.
+KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB) +KRB5_BASE_LIBS = $(KRB5_LIB) $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB) $(GEN_LIB) $(LIBS) $(SELINUX_LIBS) $(DL_LIB)
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS) KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
GSS_LIBS = $(GSS_KRB5_LIB) GSS_LIBS = $(GSS_KRB5_LIB)
# needs fixing if ever used on Mac OS X! # needs fixing if ever used on macOS!
--- krb5-1.13.orig/src/configure.in Index: krb5-1.16.1/src/configure.in
+++ krb5-1.13/src/configure.in ===================================================================
@@ -1287,6 +1287,8 @@ AC_PATH_PROG(GROFF, groff) --- krb5-1.16.1.orig/src/configure.in
+++ krb5-1.16.1/src/configure.in
@@ -1308,6 +1308,8 @@ AC_PATH_PROG(GROFF, groff)
KRB5_WITH_PAM KRB5_WITH_PAM
@ -123,9 +129,11 @@ which we used earlier, is some improvement.
# Make localedir work in autoconf 2.5x. # Make localedir work in autoconf 2.5x.
if test "${localedir+set}" != set; then if test "${localedir+set}" != set; then
localedir='$(datadir)/locale' localedir='$(datadir)/locale'
--- krb5-1.13.orig/src/include/k5-int.h Index: krb5-1.16.1/src/include/k5-int.h
+++ krb5-1.13/src/include/k5-int.h ===================================================================
@@ -127,6 +127,7 @@ typedef unsigned char u_char; --- krb5-1.16.1.orig/src/include/k5-int.h
+++ krb5-1.16.1/src/include/k5-int.h
@@ -126,6 +126,7 @@ typedef unsigned char u_char;
#endif /* HAVE_SYS_TYPES_H */ #endif /* HAVE_SYS_TYPES_H */
#endif /* KRB5_SYSTYPES__ */ #endif /* KRB5_SYSTYPES__ */
@ -133,8 +141,10 @@ which we used earlier, is some improvement.
#include "k5-platform.h" #include "k5-platform.h"
Index: krb5-1.16.1/src/include/k5-label.h
===================================================================
--- /dev/null --- /dev/null
+++ krb5-1.13/src/include/k5-label.h +++ krb5-1.16.1/src/include/k5-label.h
@@ -0,0 +1,32 @@ @@ -0,0 +1,32 @@
+#ifndef _KRB5_LABEL_H +#ifndef _KRB5_LABEL_H
+#define _KRB5_LABEL_H +#define _KRB5_LABEL_H
@ -168,8 +178,10 @@ which we used earlier, is some improvement.
+#define THREEPARAMOPEN(x,y,z) open(x,y,z) +#define THREEPARAMOPEN(x,y,z) open(x,y,z)
+#endif +#endif
+#endif +#endif
--- krb5-1.13.orig/src/include/krb5/krb5.hin Index: krb5-1.16.1/src/include/krb5/krb5.hin
+++ krb5-1.13/src/include/krb5/krb5.hin ===================================================================
--- krb5-1.16.1.orig/src/include/krb5/krb5.hin
+++ krb5-1.16.1/src/include/krb5/krb5.hin
@@ -87,6 +87,12 @@ @@ -87,6 +87,12 @@
#define THREEPARAMOPEN(x,y,z) open(x,y,z) #define THREEPARAMOPEN(x,y,z) open(x,y,z)
#endif #endif
@ -183,8 +195,10 @@ which we used earlier, is some improvement.
#define KRB5_OLD_CRYPTO #define KRB5_OLD_CRYPTO
#include <stdlib.h> #include <stdlib.h>
--- krb5-1.13.orig/src/kadmin/dbutil/dump.c Index: krb5-1.16.1/src/kadmin/dbutil/dump.c
+++ krb5-1.13/src/kadmin/dbutil/dump.c ===================================================================
--- krb5-1.16.1.orig/src/kadmin/dbutil/dump.c
+++ krb5-1.16.1/src/kadmin/dbutil/dump.c
@@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname @@ -148,12 +148,21 @@ create_ofile(char *ofile, char **tmpname
{ {
int fd = -1; int fd = -1;
@ -216,8 +230,10 @@ which we used earlier, is some improvement.
if (*fd == -1) { if (*fd == -1) {
com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok); com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
exit_status++; exit_status++;
--- krb5-1.13.orig/src/build-tools/krb5-config.in Index: krb5-1.16.1/src/build-tools/krb5-config.in
+++ krb5-1.13/src/build-tools/krb5-config.in ===================================================================
--- krb5-1.16.1.orig/src/build-tools/krb5-config.in
+++ krb5-1.16.1/src/build-tools/krb5-config.in
@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@' @@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
DEFCCNAME='@DEFCCNAME@' DEFCCNAME='@DEFCCNAME@'
DEFKTNAME='@DEFKTNAME@' DEFKTNAME='@DEFKTNAME@'
@ -235,9 +251,11 @@ which we used earlier, is some improvement.
# here. # here.
echo $lib_flags echo $lib_flags
--- krb5-1.15.orig/src/lib/kadm5/logger.c 2016-12-01 23:31:24.000000000 +0100 Index: krb5-1.16.1/src/lib/kadm5/logger.c
+++ krb5-1.15/src/lib/kadm5/logger.c 2016-12-03 21:08:16.107101435 +0100 ===================================================================
@@ -414,7 +414,7 @@ --- krb5-1.16.1.orig/src/lib/kadm5/logger.c
+++ krb5-1.16.1/src/lib/kadm5/logger.c
@@ -414,7 +414,7 @@ krb5_klog_init(krb5_context kcontext, ch
*/ */
append = (cp[4] == ':') ? O_APPEND : 0; append = (cp[4] == ':') ? O_APPEND : 0;
if (append || cp[4] == '=') { if (append || cp[4] == '=') {
@ -246,7 +264,7 @@ which we used earlier, is some improvement.
S_IRUSR | S_IWUSR | S_IRGRP); S_IRUSR | S_IWUSR | S_IRGRP);
if (fd != -1) if (fd != -1)
f = fdopen(fd, append ? "a" : "w"); f = fdopen(fd, append ? "a" : "w");
@@ -918,7 +918,7 @@ @@ -918,7 +918,7 @@ krb5_klog_reopen(krb5_context kcontext)
* In case the old logfile did not get moved out of the * In case the old logfile did not get moved out of the
* way, open for append to prevent squashing the old logs. * way, open for append to prevent squashing the old logs.
*/ */
@ -255,9 +273,11 @@ which we used earlier, is some improvement.
if (f) { if (f) {
set_cloexec_file(f); set_cloexec_file(f);
log_control.log_entries[lindex].lfu_filep = f; log_control.log_entries[lindex].lfu_filep = f;
--- krb5-1.15.orig/src/lib/krb5/keytab/kt_file.c 2016-12-01 23:31:25.000000000 +0100 Index: krb5-1.16.1/src/lib/krb5/keytab/kt_file.c
+++ krb5-1.15/src/lib/krb5/keytab/kt_file.c 2016-12-03 17:33:05.520679326 +0100 ===================================================================
@@ -1022,14 +1022,14 @@ --- krb5-1.16.1.orig/src/lib/krb5/keytab/kt_file.c
+++ krb5-1.16.1/src/lib/krb5/keytab/kt_file.c
@@ -1024,14 +1024,14 @@ krb5_ktfileint_open(krb5_context context
KTCHECKLOCK(id); KTCHECKLOCK(id);
errno = 0; errno = 0;
@ -274,9 +294,11 @@ which we used earlier, is some improvement.
if (!KTFILEP(id)) if (!KTFILEP(id))
goto report_errno; goto report_errno;
writevno = 1; writevno = 1;
--- krb5-1.15.orig/src/plugins/kdb/db2/adb_openclose.c 2016-12-01 23:31:25.000000000 +0100 Index: krb5-1.16.1/src/plugins/kdb/db2/adb_openclose.c
+++ krb5-1.15/src/plugins/kdb/db2/adb_openclose.c 2016-12-03 17:34:40.565150626 +0100 ===================================================================
@@ -152,7 +152,7 @@ --- krb5-1.16.1.orig/src/plugins/kdb/db2/adb_openclose.c
+++ krb5-1.16.1/src/plugins/kdb/db2/adb_openclose.c
@@ -152,7 +152,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char
* needs be open read/write so that write locking can work with * needs be open read/write so that write locking can work with
* POSIX systems * POSIX systems
*/ */
@ -285,8 +307,10 @@ which we used earlier, is some improvement.
/* /*
* maybe someone took away write permission so we could only * maybe someone took away write permission so we could only
* get shared locks? * get shared locks?
--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
+++ krb5-1.13/src/plugins/kdb/db2/libdb2/btree/bt_open.c ===================================================================
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8. @@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.
#include <string.h> #include <string.h>
#include <unistd.h> #include <unistd.h>
@ -304,8 +328,10 @@ which we used earlier, is some improvement.
goto err; goto err;
} else { } else {
--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/hash/hash.c Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
+++ krb5-1.13/src/plugins/kdb/db2/libdb2/hash/hash.c ===================================================================
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/hash/hash.c
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/hash/hash.c
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12 @@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12
#include <assert.h> #include <assert.h>
#endif #endif
@ -314,7 +340,7 @@ which we used earlier, is some improvement.
#include "db-int.h" #include "db-int.h"
#include "hash.h" #include "hash.h"
#include "page.h" #include "page.h"
@@ -140,7 +141,7 @@ __kdb2_hash_open(file, flags, mode, info @@ -129,7 +130,7 @@ __kdb2_hash_open(file, flags, mode, info
new_table = 1; new_table = 1;
} }
if (file) { if (file) {
@ -323,9 +349,11 @@ which we used earlier, is some improvement.
RETURN_ERROR(errno, error0); RETURN_ERROR(errno, error0);
(void)fcntl(hashp->fp, F_SETFD, 1); (void)fcntl(hashp->fp, F_SETFD, 1);
} }
--- krb5-1.13.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c Index: krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+++ krb5-1.13/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c ===================================================================
@@ -178,7 +178,7 @@ done: --- krb5-1.16.1.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
+++ krb5-1.16.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
@@ -203,7 +203,7 @@ kdb5_ldap_stash_service_password(int arg
/* set password in the file */ /* set password in the file */
old_mode = umask(0177); old_mode = umask(0177);
@ -334,7 +362,7 @@ which we used earlier, is some improvement.
if (pfile == NULL) { if (pfile == NULL) {
com_err(me, errno, _("Failed to open file %s: %s"), file_name, com_err(me, errno, _("Failed to open file %s: %s"), file_name,
strerror (errno)); strerror (errno));
@@ -219,6 +219,9 @@ done: @@ -244,6 +244,9 @@ kdb5_ldap_stash_service_password(int arg
* Delete the existing entry and add the new entry * Delete the existing entry and add the new entry
*/ */
FILE *newfile; FILE *newfile;
@ -344,7 +372,7 @@ which we used earlier, is some improvement.
mode_t omask; mode_t omask;
@@ -230,7 +233,13 @@ done: @@ -255,7 +258,13 @@ kdb5_ldap_stash_service_password(int arg
} }
omask = umask(077); omask = umask(077);
@ -358,9 +386,11 @@ which we used earlier, is some improvement.
umask (omask); umask (omask);
if (newfile == NULL) { if (newfile == NULL) {
com_err(me, errno, _("Error creating file %s"), tmp_file); com_err(me, errno, _("Error creating file %s"), tmp_file);
--- krb5-1.13.orig/src/util/profile/prof_file.c Index: krb5-1.16.1/src/util/profile/prof_file.c
+++ krb5-1.13/src/util/profile/prof_file.c ===================================================================
@@ -30,6 +30,7 @@ --- krb5-1.16.1.orig/src/util/profile/prof_file.c
+++ krb5-1.16.1/src/util/profile/prof_file.c
@@ -33,6 +33,7 @@
#endif #endif
#include "k5-platform.h" #include "k5-platform.h"
@ -368,7 +398,7 @@ which we used earlier, is some improvement.
struct global_shared_profile_data { struct global_shared_profile_data {
/* This is the head of the global list of shared trees */ /* This is the head of the global list of shared trees */
@@ -411,7 +412,7 @@ static errcode_t write_data_to_file(prf_ @@ -423,7 +424,7 @@ static errcode_t write_data_to_file(prf_
errno = 0; errno = 0;
@ -377,9 +407,11 @@ which we used earlier, is some improvement.
if (!f) { if (!f) {
retval = errno; retval = errno;
if (retval == 0) if (retval == 0)
--- krb5-1.13.orig/src/util/support/Makefile.in Index: krb5-1.16.1/src/util/support/Makefile.in
+++ krb5-1.13/src/util/support/Makefile.in ===================================================================
@@ -59,6 +59,7 @@ IPC_SYMS= \ --- krb5-1.16.1.orig/src/util/support/Makefile.in
+++ krb5-1.16.1/src/util/support/Makefile.in
@@ -69,6 +69,7 @@ IPC_SYMS= \
STLIBOBJS= \ STLIBOBJS= \
threads.o \ threads.o \
@ -387,7 +419,7 @@ which we used earlier, is some improvement.
init-addrinfo.o \ init-addrinfo.o \
plugins.o \ plugins.o \
errors.o \ errors.o \
@@ -131,7 +132,7 @@ SRCS=\ @@ -149,7 +150,7 @@ SRCS=\
SHLIB_EXPDEPS = SHLIB_EXPDEPS =
# Add -lm if dumping thread stats, for sqrt. # Add -lm if dumping thread stats, for sqrt.
@ -396,8 +428,10 @@ which we used earlier, is some improvement.
DEPLIBS= DEPLIBS=
Index: krb5-1.16.1/src/util/support/selinux.c
===================================================================
--- /dev/null --- /dev/null
+++ krb5-1.13/src/util/support/selinux.c +++ krb5-1.16.1/src/util/support/selinux.c
@@ -0,0 +1,381 @@ @@ -0,0 +1,381 @@
+/* +/*
+ * Copyright 2007,2008,2009,2011,2012,2013 Red Hat, Inc. All Rights Reserved. + * Copyright 2007,2008,2009,2011,2012,2013 Red Hat, Inc. All Rights Reserved.
@ -780,9 +814,11 @@ which we used earlier, is some improvement.
+} +}
+ +
+#endif +#endif
--- krb5-1.13.orig/src/lib/krb5/rcache/rc_dfl.c Index: krb5-1.16.1/src/lib/krb5/rcache/rc_dfl.c
+++ krb5-1.13/src/lib/krb5/rcache/rc_dfl.c ===================================================================
@@ -794,6 +794,9 @@ krb5_rc_dfl_expunge_locked(krb5_context --- krb5-1.16.1.orig/src/lib/krb5/rcache/rc_dfl.c
+++ krb5-1.16.1/src/lib/krb5/rcache/rc_dfl.c
@@ -793,6 +793,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
krb5_error_code retval = 0; krb5_error_code retval = 0;
krb5_rcache tmp; krb5_rcache tmp;
krb5_deltat lifespan = t->lifespan; /* save original lifespan */ krb5_deltat lifespan = t->lifespan; /* save original lifespan */
@ -792,7 +828,7 @@ which we used earlier, is some improvement.
if (! t->recovering) { if (! t->recovering) {
name = t->name; name = t->name;
@@ -815,7 +818,17 @@ krb5_rc_dfl_expunge_locked(krb5_context @@ -814,7 +817,17 @@ krb5_rc_dfl_expunge_locked(krb5_context
retval = krb5_rc_resolve(context, tmp, 0); retval = krb5_rc_resolve(context, tmp, 0);
if (retval) if (retval)
goto cleanup; goto cleanup;
@ -810,8 +846,10 @@ which we used earlier, is some improvement.
if (retval) if (retval)
goto cleanup; goto cleanup;
for (q = t->a; q; q = q->na) { for (q = t->a; q; q = q->na) {
--- krb5-1.13.orig/src/lib/krb5/ccache/cc_dir.c Index: krb5-1.16.1/src/lib/krb5/ccache/cc_dir.c
+++ krb5-1.13/src/lib/krb5/ccache/cc_dir.c ===================================================================
--- krb5-1.16.1.orig/src/lib/krb5/ccache/cc_dir.c
+++ krb5-1.16.1/src/lib/krb5/ccache/cc_dir.c
@@ -183,10 +183,19 @@ write_primary_file(const char *primary_p @@ -183,10 +183,19 @@ write_primary_file(const char *primary_p
char *newpath = NULL; char *newpath = NULL;
FILE *fp = NULL; FILE *fp = NULL;
@ -858,9 +896,11 @@ which we used earlier, is some improvement.
k5_setmsg(context, KRB5_FCC_NOFILE, k5_setmsg(context, KRB5_FCC_NOFILE,
_("Credential cache directory %s does not exist"), _("Credential cache directory %s does not exist"),
dirname); dirname);
--- krb5-1.13.orig/src/lib/krb5/os/trace.c Index: krb5-1.16.1/src/lib/krb5/os/trace.c
+++ krb5-1.13/src/lib/krb5/os/trace.c ===================================================================
@@ -397,7 +397,7 @@ krb5_set_trace_filename(krb5_context con --- krb5-1.16.1.orig/src/lib/krb5/os/trace.c
+++ krb5-1.16.1/src/lib/krb5/os/trace.c
@@ -398,7 +398,7 @@ krb5_set_trace_filename(krb5_context con
fd = malloc(sizeof(*fd)); fd = malloc(sizeof(*fd));
if (fd == NULL) if (fd == NULL)
return ENOMEM; return ENOMEM;
@ -869,9 +909,11 @@ which we used earlier, is some improvement.
if (*fd == -1) { if (*fd == -1) {
free(fd); free(fd);
return errno; return errno;
--- krb5-1.13.orig/src/plugins/kdb/db2/kdb_db2.c Index: krb5-1.16.1/src/plugins/kdb/db2/kdb_db2.c
+++ krb5-1.13/src/plugins/kdb/db2/kdb_db2.c ===================================================================
@@ -695,8 +695,8 @@ ctx_create_db(krb5_context context, krb5 --- krb5-1.16.1.orig/src/plugins/kdb/db2/kdb_db2.c
+++ krb5-1.16.1/src/plugins/kdb/db2/kdb_db2.c
@@ -694,8 +694,8 @@ ctx_create_db(krb5_context context, krb5
if (retval) if (retval)
return retval; return retval;
@ -882,8 +924,10 @@ which we used earlier, is some improvement.
if (dbc->db_lf_file < 0) { if (dbc->db_lf_file < 0) {
retval = errno; retval = errno;
goto cleanup; goto cleanup;
--- krb5-1.13.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c Index: krb5-1.16.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
+++ krb5-1.13/src/plugins/kdb/db2/libdb2/recno/rec_open.c ===================================================================
--- krb5-1.16.1.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c
+++ krb5-1.16.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8 @@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8
#include <stdio.h> #include <stdio.h>
#include <unistd.h> #include <unistd.h>
@ -902,9 +946,11 @@ which we used earlier, is some improvement.
return (NULL); return (NULL);
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) { if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
--- krb5-1.13.orig/src/kdc/main.c Index: krb5-1.16.1/src/kdc/main.c
+++ krb5-1.13/src/kdc/main.c ===================================================================
@@ -847,7 +847,7 @@ write_pid_file(const char *path) --- krb5-1.16.1.orig/src/kdc/main.c
+++ krb5-1.16.1/src/kdc/main.c
@@ -873,7 +873,7 @@ write_pid_file(const char *path)
FILE *file; FILE *file;
unsigned long pid; unsigned long pid;
@ -913,9 +959,11 @@ which we used earlier, is some improvement.
if (file == NULL) if (file == NULL)
return errno; return errno;
pid = (unsigned long) getpid(); pid = (unsigned long) getpid();
--- krb5-1.13.orig/src/lib/kdb/kdb_log.c Index: krb5-1.16.1/src/lib/kdb/kdb_log.c
+++ krb5-1.13/src/lib/kdb/kdb_log.c ===================================================================
@@ -464,7 +464,7 @@ ulog_map(krb5_context context, const cha --- krb5-1.16.1.orig/src/lib/kdb/kdb_log.c
+++ krb5-1.16.1/src/lib/kdb/kdb_log.c
@@ -484,7 +484,7 @@ ulog_map(krb5_context context, const cha
if (extend_file_to(ulogfd, filesize) < 0) if (extend_file_to(ulogfd, filesize) < 0)
return errno; return errno;
} else { } else {
@ -924,9 +972,11 @@ which we used earlier, is some improvement.
if (ulogfd == -1) if (ulogfd == -1)
return errno; return errno;
} }
--- krb5-1.13.orig/src/slave/kpropd.c Index: krb5-1.16.1/src/slave/kpropd.c
+++ krb5-1.13/src/slave/kpropd.c ===================================================================
@@ -460,7 +460,9 @@ doit(int fd) --- krb5-1.16.1.orig/src/slave/kpropd.c
+++ krb5-1.16.1/src/slave/kpropd.c
@@ -488,7 +488,9 @@ doit(int fd)
krb5_enctype etype; krb5_enctype etype;
int database_fd; int database_fd;
char host[INET6_ADDRSTRLEN + 1]; char host[INET6_ADDRSTRLEN + 1];
@ -937,7 +987,7 @@ which we used earlier, is some improvement.
signal_wrapper(SIGALRM, alarm_handler); signal_wrapper(SIGALRM, alarm_handler);
alarm(params.iprop_resync_timeout); alarm(params.iprop_resync_timeout);
fromlen = sizeof(from); fromlen = sizeof(from);
@@ -516,9 +518,15 @@ doit(int fd) @@ -543,9 +545,15 @@ doit(int fd)
free(name); free(name);
exit(1); exit(1);
} }

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:92bb5b613e42c62e3b693cd68ba1ea185eb26d5dcc2d168fce17706c150bebab
size 9386670

View File

@ -1,17 +0,0 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAWutaxAy6CFdfg3LfAQJB8g/+NiCVQakhrLJt8AKwoSYM+MkDReKJNGur
4XY8uI0zDfvWH+fK+6KyNvjV0C4tbzEU7dC4pydLaR+5ptW3vOpNTaWoYiJMpSZQ
HnpCtlaeBFTVPX3EpqZxwnFyt/FJSAcxQMImSwgUWq2sn1ZG0TQ0cW4USclpkaHP
wn4tbAzITy9qxp71KOlc+H+Xghfgp46GOHA6qWfNF0uhaxmYOrGh/WtHnWiN66Cs
LIZHCzxPX8iKuJKKG+awyl1XBb+eSdTzkFCAOH3mWYyt6FHbDnSpGd9lILeomtjs
fZ7l9YEy9lMxQuj1QV29nkI37+SiX2rNGGheNXwiriqgQxGrLxyQBfDwJEQJFIM4
HWVLhFTtE7nko0UGLat2XpfHHRUVNsDFqOHw8yPcfYfsE0h4YKz6O7PO3t8GLrYs
LOSXPSIqgAciKmChhAxOGvJOk89LAQJpe664Agp5dD41lYEzGp/UUDWLMArqEB4x
hLKi5gXfKrrA+OBP007j15dJGwBhaE61xeBkmVI8Ds6kDAgmpNlTsNukOHvvlUOq
C6+OJUUSLI9f0fnPSOz0W7JAQsdp2D+5dYrTU8JgzIKU5r8vO1pzKkM9oNSSUUIA
Y9AMaZh8uBDlhzvGtWRgDnAn3y0g8Qjf5DcWHqNeWQrMOg7ekn0XutmepnGGvXHN
56JVACsg3Zw=
=SYgQ
-----END PGP SIGNATURE-----

3
krb5-1.16.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:214ffe394e3ad0c730564074ec44f1da119159d94281bbec541dc29168d21117
size 9477480

17
krb5-1.16.1.tar.gz.asc Normal file
View File

@ -0,0 +1,17 @@
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIVAwUAWushEwy6CFdfg3LfAQJ+eBAAijTUBfXzCuxCwbDhCFYb1fIbHMkKkTuq
knFKv0VbALW1qUAj5v35A6GjDam6a33bMvGX8MzbGK/a9IDkpvaaXP/c37V4OfiQ
MhA6uQl0vxBMoCZqAFEVcWd6+M/0rY0WBZKpXRiZxxuSNPnSXn1l9fQAcrYKGb7I
YpaAWnzw+cc1k4Xi+GaaSghEYA4dX7TXh1fViJyHaNSESYZjH3J6wEdPm6LtZk6q
GwJw/ieMQi8djde0AhCbzMHWiaeW3jNPOJmpd3mpY04BAAkzGCyRiYGscxb6ge4u
ag2fojv7rbnJxDzy9RO0ZP0+fVPDMwInZ5GHPftbraSDFkTH2JBAYFudPsLDAoRK
FdjLeHpvuU5ifXWrLyshVYYfeXSe0fHz9Xhfhq2/OmfBD6vQl5k86z8IqxNm4ujy
ziypmTzHFnP/sBKlMgSMdDEKoKZHxevVQM5eJQd1XGexmwogkSPX8mwoEc0q4dtZ
h5w/fCu4ERA0BihvnQMZCZgwe32pO27ccPc6PqNHffUSLOq74J4gBHeoAoZ+SYPu
33oG7wxh+8WONzEGujl1lmxHFstij/njg8nULQ6bo6hSZnlMD0gU59mG9seC2jjr
E4aM4TXd1ixxPzM/cqxfI9SalytwYW0gn7Vuyj3P8xIZ5GQZiTsD7XWJqzb3xHmA
2JSQt4TK3Cc=
=9z9K
-----END PGP SIGNATURE-----

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Oct 9 20:13:24 UTC 2018 - James McDonough <jmcdonough@suse.com>
- Upgrade to 1.16.1
* kdc client cert matching on client principal entry
* Allow ktutil addent command to ignore key version and use
non-default salt string.
* add kpropd pidfile support
* enable "encrypted_challenge_indicator" realm option on tickets
obtained using FAST encrypted challenge pre-authentication.
* dates through 2106 accepted
* KDC support for trivially renewable tickets
* stop caching referral and alternate cross-realm TGTs to prevent
duplicate credential cache entries
------------------------------------------------------------------- -------------------------------------------------------------------
Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com Fri May 4 09:48:36 UTC 2018 - michael@stroeder.com

View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -21,7 +21,7 @@
%define _fillupdir /var/adm/fillup-templates %define _fillupdir /var/adm/fillup-templates
%endif %endif
%define srcRoot krb5-1.15.3 %define srcRoot krb5-1.16.1
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5 %define krb5docdir %{_defaultdocdir}/krb5
@ -34,7 +34,7 @@ BuildRequires: keyutils-devel
BuildRequires: libcom_err-devel BuildRequires: libcom_err-devel
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
Version: 1.15.3 Version: 1.16.1
Release: 0 Release: 0
Summary: MIT Kerberos5 implementation and libraries with minimal dependencies Summary: MIT Kerberos5 implementation and libraries with minimal dependencies
License: MIT License: MIT
@ -52,8 +52,8 @@ Conflicts: krb5-server
Conflicts: krb5-plugin-kdb-ldap Conflicts: krb5-plugin-kdb-ldap
Conflicts: krb5-plugin-preauth-pkinit Conflicts: krb5-plugin-preauth-pkinit
Conflicts: krb5-plugin-preauth-otp Conflicts: krb5-plugin-preauth-otp
Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc Source1: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz.asc
Source2: krb5.keyring Source2: krb5.keyring
Source3: vendor-files.tar.bz2 Source3: vendor-files.tar.bz2
Source4: baselibs.conf Source4: baselibs.conf

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Tue Oct 9 20:00:21 UTC 2018 - James McDonough <jmcdonough@suse.com>
- Upgrade to 1.16.1
* kdc client cert matching on client principal entry
* Allow ktutil addent command to ignore key version and use
non-default salt string.
* add kpropd pidfile support
* enable "encrypted_challenge_indicator" realm option on tickets
obtained using FAST encrypted challenge pre-authentication.
* dates through 2106 accepted
* KDC support for trivially renewable tickets
* stop caching referral and alternate cross-realm TGTs to prevent
duplicate credential cache entries
------------------------------------------------------------------- -------------------------------------------------------------------
Mon Jun 18 11:02:57 UTC 2018 - mcepl@suse.com Mon Jun 18 11:02:57 UTC 2018 - mcepl@suse.com

View File

@ -12,7 +12,7 @@
# license that conforms to the Open Source Definition (Version 1.9) # license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative. # published by the Open Source Initiative.
# Please submit bugfixes or comments via http://bugs.opensuse.org/ # Please submit bugfixes or comments via https://bugs.opensuse.org/
# #
@ -30,7 +30,7 @@ BuildRequires: keyutils-devel
BuildRequires: libcom_err-devel BuildRequires: libcom_err-devel
BuildRequires: libselinux-devel BuildRequires: libselinux-devel
BuildRequires: ncurses-devel BuildRequires: ncurses-devel
Version: 1.15.3 Version: 1.16.1
Release: 0 Release: 0
Summary: MIT Kerberos5 implementation Summary: MIT Kerberos5 implementation
License: MIT License: MIT
@ -46,8 +46,8 @@ BuildRequires: pkgconfig(systemd)
Obsoletes: krb5-64bit Obsoletes: krb5-64bit
%endif %endif
Conflicts: krb5-mini Conflicts: krb5-mini
Source0: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz Source0: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz
Source1: https://web.mit.edu/kerberos/dist/krb5/1.15/krb5-%{version}.tar.gz.asc Source1: https://web.mit.edu/kerberos/dist/krb5/1.16/krb5-%{version}.tar.gz.asc
Source2: krb5.keyring Source2: krb5.keyring
Source3: vendor-files.tar.bz2 Source3: vendor-files.tar.bz2
Source4: baselibs.conf Source4: baselibs.conf