diff --git a/krb5-mini.changes b/krb5-mini.changes index 82252d7..b2d9a34 100644 --- a/krb5-mini.changes +++ b/krb5-mini.changes @@ -1,4 +1,23 @@ ------------------------------------------------------------------- +Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com + +- add patches from Fedora and upstream +- fix init scripts (bnc#689006) + +------------------------------------------------------------------- +Fri Aug 19 15:48:35 UTC 2011 - mc@novell.com + +- update to version 1.9.1 + * obsolete patches: + MITKRB5-SA-2010-007-1.8.dif + krb5-1.8-MITKRB5-SA-2010-006.dif + krb5-1.8-MITKRB5-SA-2011-001.dif + krb5-1.8-MITKRB5-SA-2011-002.dif + krb5-1.8-MITKRB5-SA-2011-003.dif + krb5-1.8-MITKRB5-SA-2011-004.dif + krb5-1.4.3-enospc.dif + * replace krb5-1.6.1-compile_pie.dif +------------------------------------------------------------------- Thu Apr 14 11:33:18 CEST 2011 - mc@suse.de - fix kadmind invalid pointer free() diff --git a/krb5-mini.spec b/krb5-mini.spec index 6784dc9..54f5ac2 100644 --- a/krb5-mini.spec +++ b/krb5-mini.spec @@ -1,5 +1,5 @@ # -# spec file for package krb5-mini +# spec file for package krb5 # # Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany. # @@ -18,7 +18,7 @@ # norootforbuild %define build_mini 1 -%define srcRoot krb5-1.8.3 +%define srcRoot krb5-1.9.1 %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define krb5docdir %{_defaultdocdir}/krb5 @@ -27,10 +27,12 @@ License: MIT License (or similar) Url: http://web.mit.edu/kerberos/www/ BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: keyutils keyutils-devel -Version: 1.8.3 -Release: 6 +BuildRequires: libselinux-devel +Version: 1.9.1 +Release: 19 %if ! 0%{?build_mini} BuildRequires: libopenssl-devel openldap2-devel +BuildRequires: pam-devel # bug437293 %ifarch ppc64 Obsoletes: krb5-64bit @@ -42,25 +44,33 @@ Group: Productivity/Networking/Security Summary: MIT Kerberos5 Implementation--Libraries Group: Productivity/Networking/Security %endif -Source: krb5-1.8.3.tar.bz2 +Source: krb5-1.9.1.tar.bz2 Source1: vendor-files.tar.bz2 Source2: baselibs.conf -Source5: krb5-%{version}-rpmlintrc -Source10: krb5-1.7-manpaths.txt -Patch1: krb5-1.6.1-compile_pie.dif -Patch2: krb5-1.6.3-kprop-use-mkstemp.dif -Patch3: krb5-1.7-manpaths.dif -Patch4: krb5-1.4.3-enospc.dif +Source5: krb5-rpmlintrc +Source10: krb5-1.8-manpaths.txt +Patch1: krb5-1.9-buildconf.patch +Patch3: krb5-1.9-manpaths.dif Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif -Patch8: krb5-1.6.3-fix-ipv6-query.dif -Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif -Patch13: MITKRB5-SA-2010-007-1.8.dif -Patch14: krb5-1.8-MITKRB5-SA-2011-001.dif -Patch15: krb5-1.8-MITKRB5-SA-2011-002.dif -Patch16: krb5-1.8-MITKRB5-SA-2011-003.dif -Patch17: krb5-1.8-MITKRB5-SA-2011-004.dif +Patch10: krb5-1.7-doublelog.patch +Patch11: krb5-1.7-nodeplibs.patch +Patch12: krb5-1.8-api.patch +Patch13: krb5-1.8-pam.patch +Patch14: krb5-1.9.1-ai_addrconfig.patch +Patch15: krb5-1.9.1-ai_addrconfig2.patch +Patch16: krb5-1.9.1-sendto_poll.patch +Patch17: krb5-1.9-canonicalize-fallback.patch +Patch18: krb5-1.9-kprop-mktemp.patch +Patch19: krb5-1.9-ksu-path.patch +Patch20: krb5-1.9-paren.patch +Patch21: krb5-1.9-selinux-label.patch +Patch22: krb5-klist_s.patch +Patch23: krb5-pkinit-cms2.patch +Patch24: krb5-trunk-chpw-err.patch +Patch25: krb5-trunk-gss_delete_sec.patch +Patch26: krb5-trunk-kadmin-oldproto.patch BuildRoot: %{_tmppath}/%{name}-%{version}-build PreReq: mktemp, grep, /bin/touch, coreutils PreReq: %insserv_prereq %fillup_prereq @@ -200,20 +210,28 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -%patch1 -%patch2 +%patch13 -p1 %patch3 -p1 -%patch4 -p1 +%patch21 -p1 +%patch1 -p1 %patch5 -p1 %patch6 %patch7 -p1 -%patch8 -p1 +%patch10 -p1 +%patch11 -p1 %patch12 -p1 -%patch13 -p1 -%patch14 -p1 -%patch15 -p0 -%patch16 -p1 +%patch14 +%patch15 +%patch16 %patch17 -p1 +%patch18 -p1 +%patch19 -p1 +%patch20 -p1 +%patch22 -p1 +%patch23 -p1 +%patch24 +%patch25 -p1 +%patch26 # Rename the man pages so that they'll get generated correctly. pushd src cat %{SOURCE10} | while read manpage ; do @@ -242,6 +260,9 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI --disable-rpath \ %if ! %{build_mini} --with-ldap \ + --with-pam \ + --enable-pkinit \ + --with-selinux \ %else --disable-pkinit \ %endif diff --git a/krb5-trunk-kpasswd_tcp2.patch b/krb5-trunk-kpasswd_tcp2.patch deleted file mode 100644 index 2e70a6a..0000000 --- a/krb5-trunk-kpasswd_tcp2.patch +++ /dev/null @@ -1,233 +0,0 @@ -Use a list of disconnected and connected sockets to talk to kpasswd -servers, so we automatically try TCP if we fail to change the password -UDP, or if the UDP-based server is just slow. - -This patch looks big, but most of it's actually whitespace because -most of the logic is no longer called as part of a loop with UDP and -TCP being used in different iterations. RT #5868. - -Index: src/lib/krb5/os/changepw.c -=================================================================== ---- src/lib/krb5/os/changepw.c (revision 20199) -+++ src/lib/krb5/os/changepw.c (working copy) -@@ -199,14 +199,14 @@ - krb5_address remote_kaddr; - krb5_boolean useTcp = 0; - GETSOCKNAME_ARG3_TYPE addrlen; -- krb5_error_code code = 0; -+ krb5_error_code code = 0, code2 = 0; - char *code_string; -- int local_result_code; -+ int local_result_code, i; - - struct sendto_callback_context callback_ctx; - struct sendto_callback_info callback_info; - struct sockaddr_storage remote_addr; -- struct addrlist al = ADDRLIST_INIT; -+ struct addrlist al = ADDRLIST_INIT, al2 = ADDRLIST_INIT; - - memset( &callback_ctx, 0, sizeof(struct sendto_callback_context)); - callback_ctx.context = context; -@@ -225,109 +225,104 @@ - &callback_ctx.ap_req))) - goto cleanup; - -- do { -- if ((code = krb5_locate_kpasswd(callback_ctx.context, -- krb5_princ_realm(callback_ctx.context, -- creds->server), -- &al, useTcp))) -- break; -- -+ code = krb5_locate_kpasswd(callback_ctx.context, -+ krb5_princ_realm(callback_ctx.context, -+ creds->server), -+ &al, useTcp); -+ code2 = krb5_locate_kpasswd(callback_ctx.context, -+ krb5_princ_realm(callback_ctx.context, -+ creds->server), -+ &al2, !useTcp); -+ if ((al.naddrs + al2.naddrs) == 0) { -+ if (!code) -+ code = code2 ? code2 : KRB5_REALM_CANT_RESOLVE; -+ goto cleanup; -+ } -+ -+ if (al2.naddrs > 0) { -+ if (krb5int_grow_addrlist(&al, al2.naddrs)) -+ goto cleanup; -+ for (i = 0; i < al2.naddrs; i++) -+ al.addrs[al.naddrs++] = al2.addrs[i]; -+ al2.naddrs = 0; -+ } -+ -- addrlen = sizeof(remote_addr); -- -- callback_info.context = (void*) &callback_ctx; -- callback_info.pfn_callback = kpasswd_sendto_msg_callback; -- callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup; -- -- if ((code = krb5int_sendto(callback_ctx.context, -- NULL, -- &al, -- &callback_info, -- &chpw_rep, -- NULL, -- NULL, -- ss2sa(&remote_addr), -- &addrlen, -- NULL, -- NULL, -- NULL -- ))) { -- -- /* -- * Here we may want to switch to TCP on some errors. -- * right? -- */ -- break; -- } -- -+ addrlen = sizeof(remote_addr); -+ -+ callback_info.context = (void*) &callback_ctx; -+ callback_info.pfn_callback = kpasswd_sendto_msg_callback; -+ callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup; -+ -+ if ((code = krb5int_sendto(callback_ctx.context, -+ NULL, -+ &al, -+ &callback_info, -+ &chpw_rep, -+ NULL, -+ NULL, -+ ss2sa(&remote_addr), -+ &addrlen, -+ NULL, -+ NULL, -+ NULL -+ ))) -+ goto cleanup; -+ -- remote_kaddr.addrtype = ADDRTYPE_INET; -- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); -- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; -- -- if ((code = krb5_auth_con_setaddrs(callback_ctx.context, -- callback_ctx.auth_context, -- NULL, -- &remote_kaddr))) -- break; -- -+ remote_kaddr.addrtype = ADDRTYPE_INET; -+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr); -+ remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr; -+ -+ if ((code = krb5_auth_con_setaddrs(callback_ctx.context, -+ callback_ctx.auth_context, -+ NULL, -+ &remote_kaddr))) -+ goto cleanup; -+ -- if (set_password_for) -- code = krb5int_rd_setpw_rep(callback_ctx.context, -- callback_ctx.auth_context, -- &chpw_rep, -- &local_result_code, -- result_string); -- else -- code = krb5int_rd_chpw_rep(callback_ctx.context, -- callback_ctx.auth_context, -- &chpw_rep, -- &local_result_code, -- result_string); -- -- if (code) { -- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) { -- krb5int_free_addrlist (&al); -- useTcp = 1; -- continue; -- } -- -- break; -- } -- -- if (result_code) -- *result_code = local_result_code; -- -+ if (set_password_for) -+ code = krb5int_rd_setpw_rep(callback_ctx.context, -+ callback_ctx.auth_context, -+ &chpw_rep, -+ &local_result_code, -+ result_string); -+ else -+ code = krb5int_rd_chpw_rep(callback_ctx.context, -+ callback_ctx.auth_context, -+ &chpw_rep, -+ &local_result_code, -+ result_string); -+ -+ if (code) -+ goto cleanup; -+ -+ if (result_code) -+ *result_code = local_result_code; -+ -- if (result_code_string) { -- if (set_password_for) -- code = krb5int_setpw_result_code_string(callback_ctx.context, -- local_result_code, -- (const char **)&code_string); -- else -- code = krb5_chpw_result_code_string(callback_ctx.context, -- local_result_code, -- &code_string); -- if(code) -- goto cleanup; -- -- result_code_string->length = strlen(code_string); -- result_code_string->data = malloc(result_code_string->length); -- if (result_code_string->data == NULL) { -- code = ENOMEM; -- goto cleanup; -- } -- strncpy(result_code_string->data, code_string, result_code_string->length); -- } -- -- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) { -- krb5int_free_addrlist (&al); -- useTcp = 1; -- } else { -- break; -- } -- } while (TRUE); -+ if (result_code_string) { -+ if (set_password_for) -+ code = krb5int_setpw_result_code_string(callback_ctx.context, -+ local_result_code, -+ (const char **) &code_string); -+ else -+ code = krb5_chpw_result_code_string(callback_ctx.context, -+ local_result_code, -+ &code_string); -+ if (code) -+ goto cleanup; -+ -+ result_code_string->length = strlen(code_string); -+ result_code_string->data = malloc(result_code_string->length); -+ if (result_code_string->data == NULL) { -+ code = ENOMEM; -+ goto cleanup; -+ } -+ strncpy(result_code_string->data, code_string, result_code_string->length); -+ } - - cleanup: - if (callback_ctx.auth_context != NULL) - krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context); - -+ krb5int_free_addrlist (&al2); - krb5int_free_addrlist (&al); - krb5_free_data_contents(callback_ctx.context, &callback_ctx.ap_req); - diff --git a/krb5.changes b/krb5.changes index dfc0c4c..b2d9a34 100644 --- a/krb5.changes +++ b/krb5.changes @@ -2,6 +2,7 @@ Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com - add patches from Fedora and upstream +- fix init scripts (bnc#689006) ------------------------------------------------------------------- Fri Aug 19 15:48:35 UTC 2011 - mc@novell.com diff --git a/krb5.spec b/krb5.spec index c399186..af23bce 100644 --- a/krb5.spec +++ b/krb5.spec @@ -50,12 +50,10 @@ Source2: baselibs.conf Source5: krb5-rpmlintrc Source10: krb5-1.8-manpaths.txt Patch1: krb5-1.9-buildconf.patch -#Patch2: krb5-1.6.3-kprop-use-mkstemp.dif Patch3: krb5-1.9-manpaths.dif Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif Patch6: krb5-1.6.3-kpasswd_tcp.patch Patch7: krb5-1.6.3-ktutil-manpage.dif -#Patch8: krb5-1.6.3-fix-ipv6-query.dif Patch10: krb5-1.7-doublelog.patch Patch11: krb5-1.7-nodeplibs.patch Patch12: krb5-1.8-api.patch @@ -212,7 +210,6 @@ Authors: %prep %setup -q -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot} -#%patch2 %patch13 -p1 %patch3 -p1 %patch21 -p1 @@ -220,7 +217,6 @@ Authors: %patch5 -p1 %patch6 %patch7 -p1 -#%patch8 -p1 %patch10 -p1 %patch11 -p1 %patch12 -p1 diff --git a/vendor-files.tar.bz2 b/vendor-files.tar.bz2 index db83bea..a1ab2df 100644 --- a/vendor-files.tar.bz2 +++ b/vendor-files.tar.bz2 @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7d61e2ba73a57830342b6bb32c7c0ee3c0bd84cf2ae865c86d7f28dd0edc62c5 -size 182064 +oid sha256:f3ddbe33faa51dc418985ce06509394c23144a7eb3ddaae495f70a28203ad31a +size 182094