- update to version 1.11.1
* Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - obsolets a lot of patches - refactor some patches - update to version 1.11.1 * Improve ASN.1 support code, making it table-driven for decoding as well as encoding * Refactor parts of KDC * Documentation consolidation * build docs in the main package * bugfixing - obsolets a lot of patches - refactor some patches OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=90
This commit is contained in:
parent
66ced8b26b
commit
13e38775f6
@ -1,45 +0,0 @@
|
|||||||
commit c773d3c775e9b2d88bcdff5f8a8ba88d7ec4e8ed
|
|
||||||
Author: Xi Wang <xi.wang@gmail.com>
|
|
||||||
Date: Thu Feb 14 18:17:40 2013 -0500
|
|
||||||
|
|
||||||
PKINIT null pointer deref [CVE-2013-1415]
|
|
||||||
|
|
||||||
Don't dereference a null pointer when cleaning up.
|
|
||||||
|
|
||||||
The KDC plugin for PKINIT can dereference a null pointer when a
|
|
||||||
malformed packet causes processing to terminate early, leading to
|
|
||||||
a crash of the KDC process. An attacker would need to have a valid
|
|
||||||
PKINIT certificate or have observed a successful PKINIT authentication,
|
|
||||||
or an unauthenticated attacker could execute the attack if anonymous
|
|
||||||
PKINIT is enabled.
|
|
||||||
|
|
||||||
CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:C/E:P/RL:O/RC:C
|
|
||||||
|
|
||||||
This is a minimal commit for pullup; style fixes in a followup.
|
|
||||||
[kaduk@mit.edu: reformat and edit commit message]
|
|
||||||
|
|
||||||
ticket: 7570 (new)
|
|
||||||
target_version: 1.11.1
|
|
||||||
tags: pullup
|
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
||||||
+++ krb5-1.10.2/src/plugins/preauth/pkinit/pkinit_crypto_openssl.c
|
|
||||||
@@ -3242,7 +3242,7 @@ pkinit_check_kdc_pkid(krb5_context conte
|
|
||||||
pkiDebug("found kdcPkId in AS REQ\n");
|
|
||||||
is = d2i_PKCS7_ISSUER_AND_SERIAL(NULL, &p, (int)pkid_len);
|
|
||||||
if (is == NULL)
|
|
||||||
- goto cleanup;
|
|
||||||
+ return retval;
|
|
||||||
|
|
||||||
status = X509_NAME_cmp(X509_get_issuer_name(kdc_cert), is->issuer);
|
|
||||||
if (!status) {
|
|
||||||
@@ -3252,7 +3252,6 @@ pkinit_check_kdc_pkid(krb5_context conte
|
|
||||||
}
|
|
||||||
|
|
||||||
retval = 0;
|
|
||||||
-cleanup:
|
|
||||||
X509_NAME_free(is->issuer);
|
|
||||||
ASN1_INTEGER_free(is->serial);
|
|
||||||
free(is);
|
|
@ -1,40 +0,0 @@
|
|||||||
commit cd5ff932c9d1439c961b0cf9ccff979356686aff
|
|
||||||
Author: Nalin Dahyabhai <nalin@redhat.com>
|
|
||||||
Date: Thu Dec 13 14:26:07 2012 -0500
|
|
||||||
|
|
||||||
PKINIT (draft9) null ptr deref [CVE-2012-1016]
|
|
||||||
|
|
||||||
Don't check for an agility KDF identifier in the non-draft9 reply
|
|
||||||
structure when we're building a draft9 reply, because it'll be NULL.
|
|
||||||
|
|
||||||
The KDC plugin for PKINIT can dereference a null pointer when handling
|
|
||||||
a draft9 request, leading to a crash of the KDC process. An attacker
|
|
||||||
would need to have a valid PKINIT certificate, or an unauthenticated
|
|
||||||
attacker could execute the attack if anonymous PKINIT is enabled.
|
|
||||||
|
|
||||||
CVSSv2 vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:P/RL:O/RC:C
|
|
||||||
|
|
||||||
[tlyu@mit.edu: reformat comment and edit log message]
|
|
||||||
|
|
||||||
ticket: 7506 (new)
|
|
||||||
target_version: 1.11
|
|
||||||
tags: pullup
|
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/plugins/preauth/pkinit/pkinit_srv.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/plugins/preauth/pkinit/pkinit_srv.c
|
|
||||||
+++ krb5-1.10.2/src/plugins/preauth/pkinit/pkinit_srv.c
|
|
||||||
@@ -1016,9 +1016,10 @@ pkinit_server_return_padata(krb5_context
|
|
||||||
rep9->choice == choice_pa_pk_as_rep_draft9_dhSignedData) ||
|
|
||||||
(rep != NULL && rep->choice == choice_pa_pk_as_rep_dhInfo)) {
|
|
||||||
|
|
||||||
- /* If mutually supported KDFs were found, use the alg agility KDF */
|
|
||||||
- if (rep->u.dh_Info.kdfID) {
|
|
||||||
- secret.data = server_key;
|
|
||||||
+ /* If we're not doing draft 9, and mutually supported KDFs were found,
|
|
||||||
+ * use the algorithm agility KDF. */
|
|
||||||
+ if (rep != NULL && rep->u.dh_Info.kdfID) {
|
|
||||||
+ secret.data = (char *)server_key;
|
|
||||||
secret.length = server_key_len;
|
|
||||||
|
|
||||||
retval = pkinit_alg_agility_kdf(context, &secret,
|
|
@ -4,10 +4,10 @@ the -L/usr/lib* and PIE flags where they might leak out and affect
|
|||||||
apps which just want to link with the libraries. FIXME: needs to check and
|
apps which just want to link with the libraries. FIXME: needs to check and
|
||||||
not just assume that the compiler supports using these flags.
|
not just assume that the compiler supports using these flags.
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/config/shlib.conf
|
Index: krb5-1.11/src/config/shlib.conf
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/config/shlib.conf
|
--- krb5-1.11.orig/src/config/shlib.conf
|
||||||
+++ krb5-1.10.2/src/config/shlib.conf
|
+++ krb5-1.11/src/config/shlib.conf
|
||||||
@@ -419,7 +419,7 @@ mips-*-netbsd*)
|
@@ -419,7 +419,7 @@ mips-*-netbsd*)
|
||||||
SHLIBEXT=.so
|
SHLIBEXT=.so
|
||||||
# Linux ld doesn't default to stuffing the SONAME field...
|
# Linux ld doesn't default to stuffing the SONAME field...
|
||||||
@ -27,11 +27,11 @@ Index: krb5-1.10.2/src/config/shlib.conf
|
|||||||
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
|
CC_LINK_STATIC='$(CC) $(PROG_LIBPATH) $(CFLAGS) $(LDFLAGS)'
|
||||||
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
|
CXX_LINK_SHARED='$(CXX) $(PROG_LIBPATH) $(PROG_RPATH_FLAGS) $(CXXFLAGS) $(LDFLAGS)'
|
||||||
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
|
CXX_LINK_STATIC='$(CXX) $(PROG_LIBPATH) $(CXXFLAGS) $(LDFLAGS)'
|
||||||
Index: krb5-1.10.2/src/krb5-config.in
|
Index: krb5-1.11/src/krb5-config.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/krb5-config.in
|
--- krb5-1.11.orig/src/krb5-config.in
|
||||||
+++ krb5-1.10.2/src/krb5-config.in
|
+++ krb5-1.11/src/krb5-config.in
|
||||||
@@ -189,6 +189,13 @@ if test -n "$do_libs"; then
|
@@ -221,6 +221,13 @@ if test -n "$do_libs"; then
|
||||||
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
|
-e 's#\$(PTHREAD_CFLAGS)#'"$PTHREAD_CFLAGS"'#' \
|
||||||
-e 's#\$(CFLAGS)##'`
|
-e 's#\$(CFLAGS)##'`
|
||||||
|
|
||||||
@ -45,11 +45,11 @@ Index: krb5-1.10.2/src/krb5-config.in
|
|||||||
if test $library = 'kdb'; then
|
if test $library = 'kdb'; then
|
||||||
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
|
lib_flags="$lib_flags -lkdb5 $KDB5_DB_LIB"
|
||||||
library=krb5
|
library=krb5
|
||||||
Index: krb5-1.10.2/src/config/pre.in
|
Index: krb5-1.11/src/config/pre.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/config/pre.in
|
--- krb5-1.11.orig/src/config/pre.in
|
||||||
+++ krb5-1.10.2/src/config/pre.in
|
+++ krb5-1.11/src/config/pre.in
|
||||||
@@ -190,7 +190,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST
|
@@ -185,7 +185,7 @@ INSTALL_PROGRAM=@INSTALL_PROGRAM@ $(INST
|
||||||
INSTALL_SCRIPT=@INSTALL_PROGRAM@
|
INSTALL_SCRIPT=@INSTALL_PROGRAM@
|
||||||
INSTALL_DATA=@INSTALL_DATA@
|
INSTALL_DATA=@INSTALL_DATA@
|
||||||
INSTALL_SHLIB=@INSTALL_SHLIB@
|
INSTALL_SHLIB=@INSTALL_SHLIB@
|
||||||
|
@ -1,12 +0,0 @@
|
|||||||
This file also triggers the maybe-uninitialized warning/error. RT#7080
|
|
||||||
|
|
||||||
--- src/lib/krb5/krb/x-deltat.y
|
|
||||||
+++ src/lib/krb5/krb/x-deltat.y
|
|
||||||
@@ -44,6 +44,7 @@
|
|
||||||
#ifdef __GNUC__
|
|
||||||
#pragma GCC diagnostic push
|
|
||||||
#pragma GCC diagnostic ignored "-Wuninitialized"
|
|
||||||
+#pragma GCC diagnostic ignored "-Wmaybe-uninitialized"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <ctype.h>
|
|
53
krb5-1.10-ksu-access.patch
Normal file
53
krb5-1.10-ksu-access.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
The idea is to not complain about problems in the default ticket file if we
|
||||||
|
couldn't read it, because the client would be able to tell if it's there or
|
||||||
|
not, and we're implicitly letting the client tell us where it is. Still needs
|
||||||
|
work, I think.
|
||||||
|
|
||||||
|
Index: krb5-1.11.1/src/clients/ksu/ccache.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.11.1.orig/src/clients/ksu/ccache.c
|
||||||
|
+++ krb5-1.11.1/src/clients/ksu/ccache.c
|
||||||
|
@@ -77,7 +77,7 @@ krb5_error_code krb5_ccache_copy (contex
|
||||||
|
cc_def_name = krb5_cc_get_name(context, cc_def);
|
||||||
|
cc_other_name = krb5_cc_get_name(context, *cc_other);
|
||||||
|
|
||||||
|
- if ( ! stat(cc_def_name, &st_temp)){
|
||||||
|
+ if ( ! access(cc_def_name, R_OK) && ! stat(cc_def_name, &st_temp)){
|
||||||
|
if((retval = krb5_get_nonexp_tkts(context,cc_def,&cc_def_creds_arr))){
|
||||||
|
return retval;
|
||||||
|
}
|
||||||
|
Index: krb5-1.11.1/src/clients/ksu/heuristic.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.11.1.orig/src/clients/ksu/heuristic.c
|
||||||
|
+++ krb5-1.11.1/src/clients/ksu/heuristic.c
|
||||||
|
@@ -409,7 +409,7 @@ krb5_error_code find_either_ticket (cont
|
||||||
|
|
||||||
|
cc_source_name = krb5_cc_get_name(context, cc);
|
||||||
|
|
||||||
|
- if ( ! stat(cc_source_name, &st_temp)){
|
||||||
|
+ if ( ! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)){
|
||||||
|
|
||||||
|
retval = find_ticket(context, cc, client, end_server, &temp_found);
|
||||||
|
if (retval)
|
||||||
|
@@ -569,7 +569,7 @@ krb5_error_code get_best_princ_for_targe
|
||||||
|
cc_source_name = krb5_cc_get_name(context, cc_source);
|
||||||
|
|
||||||
|
|
||||||
|
- if (! stat(cc_source_name, &st_temp)) {
|
||||||
|
+ if (! access(cc_source_name, F_OK | R_OK) && ! stat(cc_source_name, &st_temp)) {
|
||||||
|
retval = krb5_cc_get_principal(context, cc_source, &cc_def_princ);
|
||||||
|
if (retval)
|
||||||
|
return retval;
|
||||||
|
Index: krb5-1.11.1/src/clients/ksu/main.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.11.1.orig/src/clients/ksu/main.c
|
||||||
|
+++ krb5-1.11.1/src/clients/ksu/main.c
|
||||||
|
@@ -271,7 +271,7 @@ main (argc, argv)
|
||||||
|
if ( strchr(cc_source_tag, ':')){
|
||||||
|
cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
|
||||||
|
|
||||||
|
- if( stat( cc_source_tag_tmp, &st_temp)){
|
||||||
|
+ if( access( cc_source_tag_tmp, F_OK | R_OK) || stat( cc_source_tag_tmp, &st_temp)){
|
||||||
|
com_err(prog_name, errno,
|
||||||
|
_("while looking for credentials file %s"),
|
||||||
|
cc_source_tag_tmp);
|
@ -1,29 +0,0 @@
|
|||||||
commit 2b06a22f7fd8ec01fb27a7335125290b8ceb6f18
|
|
||||||
Author: Greg Hudson <ghudson@mit.edu>
|
|
||||||
Date: Thu Nov 29 01:58:13 2012 -0500
|
|
||||||
|
|
||||||
Fix spin-loop bug in k5_sendto_kdc
|
|
||||||
|
|
||||||
In the second part of the first pass over the server list, we passed
|
|
||||||
the wrong list pointer to service_fds, causing it to see only a subset
|
|
||||||
of the server entries corresponding to sel_state. This could cause
|
|
||||||
service_fds to spin if an event is reported on an fd not in the
|
|
||||||
subset.
|
|
||||||
|
|
||||||
ticket: 7454
|
|
||||||
target_version: 1.10.4
|
|
||||||
tags: pullup
|
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/lib/krb5/os/sendto_kdc.c
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/lib/krb5/os/sendto_kdc.c
|
|
||||||
+++ krb5-1.10.2/src/lib/krb5/os/sendto_kdc.c
|
|
||||||
@@ -1287,7 +1287,7 @@ k5_sendto(krb5_context context, const kr
|
|
||||||
continue;
|
|
||||||
if (maybe_send(context, state, sel_state, callback_info))
|
|
||||||
continue;
|
|
||||||
- done = service_fds(context, sel_state, 1, state, seltemp, msg_handler,
|
|
||||||
+ done = service_fds(context, sel_state, 1, conns, seltemp, msg_handler,
|
|
||||||
msg_handler_data, &winner);
|
|
||||||
}
|
|
||||||
|
|
@ -1,3 +0,0 @@
|
|||||||
version https://git-lfs.github.com/spec/v1
|
|
||||||
oid sha256:479d66291ae989d5db9daca5838ff4bddde45c77b703fadcf78ca6d1db315bd8
|
|
||||||
size 9457236
|
|
@ -11,11 +11,11 @@ When enabled, ksu gains a dependency on libpam.
|
|||||||
Originally RT#5939, though it's changed since then to perform the account
|
Originally RT#5939, though it's changed since then to perform the account
|
||||||
and session management before dropping privileges.
|
and session management before dropping privileges.
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/aclocal.m4
|
Index: krb5-1.11.1/src/aclocal.m4
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/aclocal.m4
|
--- krb5-1.11.1.orig/src/aclocal.m4
|
||||||
+++ krb5-1.10.2/src/aclocal.m4
|
+++ krb5-1.11.1/src/aclocal.m4
|
||||||
@@ -1676,3 +1676,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
|
@@ -1664,3 +1664,70 @@ AC_DEFUN(KRB5_AC_KEYRING_CCACHE,[
|
||||||
]))
|
]))
|
||||||
])dnl
|
])dnl
|
||||||
dnl
|
dnl
|
||||||
@ -86,10 +86,10 @@ Index: krb5-1.10.2/src/aclocal.m4
|
|||||||
+AC_SUBST(PAM_MAN)
|
+AC_SUBST(PAM_MAN)
|
||||||
+AC_SUBST(NON_PAM_MAN)
|
+AC_SUBST(NON_PAM_MAN)
|
||||||
+])dnl
|
+])dnl
|
||||||
Index: krb5-1.10.2/src/clients/ksu/main.c
|
Index: krb5-1.11.1/src/clients/ksu/main.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/clients/ksu/main.c
|
--- krb5-1.11.1.orig/src/clients/ksu/main.c
|
||||||
+++ krb5-1.10.2/src/clients/ksu/main.c
|
+++ krb5-1.11.1/src/clients/ksu/main.c
|
||||||
@@ -26,6 +26,7 @@
|
@@ -26,6 +26,7 @@
|
||||||
* KSU was writen by: Ari Medvinsky, ari@isi.edu
|
* KSU was writen by: Ari Medvinsky, ari@isi.edu
|
||||||
*/
|
*/
|
||||||
@ -249,10 +249,10 @@ Index: krb5-1.10.2/src/clients/ksu/main.c
|
|||||||
exit (1);
|
exit (1);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
Index: krb5-1.10.2/src/clients/ksu/Makefile.in
|
Index: krb5-1.11.1/src/clients/ksu/Makefile.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/clients/ksu/Makefile.in
|
--- krb5-1.11.1.orig/src/clients/ksu/Makefile.in
|
||||||
+++ krb5-1.10.2/src/clients/ksu/Makefile.in
|
+++ krb5-1.11.1/src/clients/ksu/Makefile.in
|
||||||
@@ -7,12 +7,14 @@ PROG_LIBPATH=-L$(TOPLIBD)
|
@@ -7,12 +7,14 @@ PROG_LIBPATH=-L$(TOPLIBD)
|
||||||
PROG_RPATH=$(KRB5_LIBDIR)
|
PROG_RPATH=$(KRB5_LIBDIR)
|
||||||
|
|
||||||
@ -287,10 +287,10 @@ Index: krb5-1.10.2/src/clients/ksu/Makefile.in
|
|||||||
|
|
||||||
clean::
|
clean::
|
||||||
$(RM) ksu
|
$(RM) ksu
|
||||||
Index: krb5-1.10.2/src/clients/ksu/pam.c
|
Index: krb5-1.11.1/src/clients/ksu/pam.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.10.2/src/clients/ksu/pam.c
|
+++ krb5-1.11.1/src/clients/ksu/pam.c
|
||||||
@@ -0,0 +1,389 @@
|
@@ -0,0 +1,389 @@
|
||||||
+/*
|
+/*
|
||||||
+ * src/clients/ksu/pam.c
|
+ * src/clients/ksu/pam.c
|
||||||
@ -681,10 +681,10 @@ Index: krb5-1.10.2/src/clients/ksu/pam.c
|
|||||||
+ return ret;
|
+ return ret;
|
||||||
+}
|
+}
|
||||||
+#endif
|
+#endif
|
||||||
Index: krb5-1.10.2/src/clients/ksu/pam.h
|
Index: krb5-1.11.1/src/clients/ksu/pam.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.10.2/src/clients/ksu/pam.h
|
+++ krb5-1.11.1/src/clients/ksu/pam.h
|
||||||
@@ -0,0 +1,57 @@
|
@@ -0,0 +1,57 @@
|
||||||
+/*
|
+/*
|
||||||
+ * src/clients/ksu/pam.h
|
+ * src/clients/ksu/pam.h
|
||||||
@ -743,16 +743,16 @@ Index: krb5-1.10.2/src/clients/ksu/pam.h
|
|||||||
+int appl_pam_cred_init(void);
|
+int appl_pam_cred_init(void);
|
||||||
+void appl_pam_cleanup(void);
|
+void appl_pam_cleanup(void);
|
||||||
+#endif
|
+#endif
|
||||||
Index: krb5-1.10.2/src/configure.in
|
Index: krb5-1.11.1/src/configure.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/configure.in
|
--- krb5-1.11.1.orig/src/configure.in
|
||||||
+++ krb5-1.10.2/src/configure.in
|
+++ krb5-1.11.1/src/configure.in
|
||||||
@@ -1246,6 +1246,8 @@ if test "${localedir+set}" != set; then
|
@@ -1244,6 +1244,8 @@ AC_SUBST([VERTO_VERSION])
|
||||||
fi
|
|
||||||
AC_SUBST(localedir)
|
AC_PATH_PROG(GROFF, groff)
|
||||||
|
|
||||||
+KRB5_WITH_PAM
|
+KRB5_WITH_PAM
|
||||||
+
|
+
|
||||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
# Make localedir work in autoconf 2.5x.
|
||||||
V5_AC_OUTPUT_MAKEFILE(.
|
if test "${localedir+set}" != set; then
|
||||||
|
localedir='$(datadir)/locale'
|
@ -31,10 +31,10 @@ The selabel APIs for looking up the context should be thread-safe (per
|
|||||||
Red Hat #273081), so switching to using them instead of matchpathcon(),
|
Red Hat #273081), so switching to using them instead of matchpathcon(),
|
||||||
which we used earlier, is some improvement.
|
which we used earlier, is some improvement.
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/aclocal.m4
|
Index: krb5-1.11.1/src/aclocal.m4
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/aclocal.m4
|
--- krb5-1.11.1.orig/src/aclocal.m4
|
||||||
+++ krb5-1.10.2/src/aclocal.m4
|
+++ krb5-1.11.1/src/aclocal.m4
|
||||||
@@ -84,6 +84,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
@@ -84,6 +84,7 @@ AC_SUBST_FILE(libnodeps_frag)
|
||||||
dnl
|
dnl
|
||||||
KRB5_AC_PRAGMA_WEAK_REF
|
KRB5_AC_PRAGMA_WEAK_REF
|
||||||
@ -43,10 +43,10 @@ Index: krb5-1.10.2/src/aclocal.m4
|
|||||||
KRB5_LIB_PARAMS
|
KRB5_LIB_PARAMS
|
||||||
KRB5_AC_INITFINI
|
KRB5_AC_INITFINI
|
||||||
KRB5_AC_ENABLE_THREADS
|
KRB5_AC_ENABLE_THREADS
|
||||||
@@ -1764,3 +1765,51 @@ AC_SUBST(manlocalstatedir)
|
@@ -1731,3 +1732,51 @@ AC_SUBST(PAM_LIBS)
|
||||||
AC_SUBST(manlibexecdir)
|
AC_SUBST(PAM_MAN)
|
||||||
AC_CONFIG_FILES($1)
|
AC_SUBST(NON_PAM_MAN)
|
||||||
])
|
])dnl
|
||||||
+dnl
|
+dnl
|
||||||
+dnl Use libselinux to set file contexts on newly-created files.
|
+dnl Use libselinux to set file contexts on newly-created files.
|
||||||
+dnl
|
+dnl
|
||||||
@ -95,11 +95,11 @@ Index: krb5-1.10.2/src/aclocal.m4
|
|||||||
+LIBS="$old_LIBS"
|
+LIBS="$old_LIBS"
|
||||||
+AC_SUBST(SELINUX_LIBS)
|
+AC_SUBST(SELINUX_LIBS)
|
||||||
+])dnl
|
+])dnl
|
||||||
Index: krb5-1.10.2/src/config/pre.in
|
Index: krb5-1.11.1/src/config/pre.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/config/pre.in
|
--- krb5-1.11.1.orig/src/config/pre.in
|
||||||
+++ krb5-1.10.2/src/config/pre.in
|
+++ krb5-1.11.1/src/config/pre.in
|
||||||
@@ -182,6 +182,7 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PR
|
@@ -178,6 +178,7 @@ LD_UNRESOLVED_PREFIX = @LD_UNRESOLVED_PR
|
||||||
LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@
|
LD_SHLIBDIR_PREFIX = @LD_SHLIBDIR_PREFIX@
|
||||||
LDARGS = @LDARGS@
|
LDARGS = @LDARGS@
|
||||||
LIBS = @LIBS@
|
LIBS = @LIBS@
|
||||||
@ -107,7 +107,7 @@ Index: krb5-1.10.2/src/config/pre.in
|
|||||||
|
|
||||||
INSTALL=@INSTALL@
|
INSTALL=@INSTALL@
|
||||||
INSTALL_STRIP=
|
INSTALL_STRIP=
|
||||||
@@ -406,7 +407,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
|
@@ -403,7 +404,7 @@ SUPPORT_LIB = -l$(SUPPORT_LIBNAME)
|
||||||
# HESIOD_LIBS is -lhesiod...
|
# HESIOD_LIBS is -lhesiod...
|
||||||
HESIOD_LIBS = @HESIOD_LIBS@
|
HESIOD_LIBS = @HESIOD_LIBS@
|
||||||
|
|
||||||
@ -116,24 +116,24 @@ Index: krb5-1.10.2/src/config/pre.in
|
|||||||
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
|
KDB5_LIBS = $(KDB5_LIB) $(GSSRPC_LIBS)
|
||||||
GSS_LIBS = $(GSS_KRB5_LIB)
|
GSS_LIBS = $(GSS_KRB5_LIB)
|
||||||
# needs fixing if ever used on Mac OS X!
|
# needs fixing if ever used on Mac OS X!
|
||||||
Index: krb5-1.10.2/src/configure.in
|
Index: krb5-1.11.1/src/configure.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/configure.in
|
--- krb5-1.11.1.orig/src/configure.in
|
||||||
+++ krb5-1.10.2/src/configure.in
|
+++ krb5-1.11.1/src/configure.in
|
||||||
@@ -1248,6 +1248,8 @@ AC_SUBST(localedir)
|
@@ -1246,6 +1246,8 @@ AC_PATH_PROG(GROFF, groff)
|
||||||
|
|
||||||
KRB5_WITH_PAM
|
KRB5_WITH_PAM
|
||||||
|
|
||||||
+KRB5_WITH_SELINUX
|
+KRB5_WITH_SELINUX
|
||||||
+
|
+
|
||||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
# Make localedir work in autoconf 2.5x.
|
||||||
|
if test "${localedir+set}" != set; then
|
||||||
V5_AC_OUTPUT_MANPAGE([
|
localedir='$(datadir)/locale'
|
||||||
Index: krb5-1.10.2/src/include/k5-int.h
|
Index: krb5-1.11.1/src/include/k5-int.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/include/k5-int.h
|
--- krb5-1.11.1.orig/src/include/k5-int.h
|
||||||
+++ krb5-1.10.2/src/include/k5-int.h
|
+++ krb5-1.11.1/src/include/k5-int.h
|
||||||
@@ -135,6 +135,7 @@ typedef unsigned char u_char;
|
@@ -133,6 +133,7 @@ typedef unsigned char u_char;
|
||||||
typedef UINT64_TYPE krb5_ui_8;
|
typedef UINT64_TYPE krb5_ui_8;
|
||||||
typedef INT64_TYPE krb5_int64;
|
typedef INT64_TYPE krb5_int64;
|
||||||
|
|
||||||
@ -141,10 +141,10 @@ Index: krb5-1.10.2/src/include/k5-int.h
|
|||||||
|
|
||||||
#define DEFAULT_PWD_STRING1 "Enter password"
|
#define DEFAULT_PWD_STRING1 "Enter password"
|
||||||
#define DEFAULT_PWD_STRING2 "Re-enter password for verification"
|
#define DEFAULT_PWD_STRING2 "Re-enter password for verification"
|
||||||
Index: krb5-1.10.2/src/include/k5-label.h
|
Index: krb5-1.11.1/src/include/k5-label.h
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.10.2/src/include/k5-label.h
|
+++ krb5-1.11.1/src/include/k5-label.h
|
||||||
@@ -0,0 +1,32 @@
|
@@ -0,0 +1,32 @@
|
||||||
+#ifndef _KRB5_LABEL_H
|
+#ifndef _KRB5_LABEL_H
|
||||||
+#define _KRB5_LABEL_H
|
+#define _KRB5_LABEL_H
|
||||||
@ -178,11 +178,11 @@ Index: krb5-1.10.2/src/include/k5-label.h
|
|||||||
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
+#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||||
+#endif
|
+#endif
|
||||||
+#endif
|
+#endif
|
||||||
Index: krb5-1.10.2/src/include/krb5/krb5.hin
|
Index: krb5-1.11.1/src/include/krb5/krb5.hin
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/include/krb5/krb5.hin
|
--- krb5-1.11.1.orig/src/include/krb5/krb5.hin
|
||||||
+++ krb5-1.10.2/src/include/krb5/krb5.hin
|
+++ krb5-1.11.1/src/include/krb5/krb5.hin
|
||||||
@@ -83,6 +83,12 @@
|
@@ -87,6 +87,12 @@
|
||||||
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
#define THREEPARAMOPEN(x,y,z) open(x,y,z)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -195,41 +195,54 @@ Index: krb5-1.10.2/src/include/krb5/krb5.hin
|
|||||||
#define KRB5_OLD_CRYPTO
|
#define KRB5_OLD_CRYPTO
|
||||||
|
|
||||||
#include <stdlib.h>
|
#include <stdlib.h>
|
||||||
Index: krb5-1.10.2/src/kadmin/dbutil/dump.c
|
Index: krb5-1.11.1/src/kadmin/dbutil/dump.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/kadmin/dbutil/dump.c
|
--- krb5-1.11.1.orig/src/kadmin/dbutil/dump.c
|
||||||
+++ krb5-1.10.2/src/kadmin/dbutil/dump.c
|
+++ krb5-1.11.1/src/kadmin/dbutil/dump.c
|
||||||
@@ -346,7 +346,7 @@ void update_ok_file (file_name)
|
@@ -376,12 +376,21 @@ create_ofile(char *ofile, char **tmpname
|
||||||
exit_status++;
|
{
|
||||||
return;
|
int fd = -1;
|
||||||
|
FILE *f;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ void *selabel;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
*tmpname = NULL;
|
||||||
|
if (asprintf(tmpname, "%s-XXXXXX", ofile) < 0)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ selabel = krb5int_push_fscreatecon_for(ofile);
|
||||||
|
+#endif
|
||||||
|
fd = mkstemp(*tmpname);
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ krb5int_pop_fscreatecon(selabel);
|
||||||
|
+#endif
|
||||||
|
if (fd == -1)
|
||||||
|
goto error;
|
||||||
|
|
||||||
|
@@ -505,7 +514,7 @@ prep_ok_file(krb5_context context, char
|
||||||
|
return 0;
|
||||||
}
|
}
|
||||||
- if ((fd = open(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
|
|
||||||
+ if ((fd = THREEPARAMOPEN(file_ok, O_WRONLY|O_CREAT|O_TRUNC, 0600)) < 0) {
|
- *fd = open(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
||||||
com_err(progname, errno, _("while creating 'ok' file, '%s'"),
|
+ *fd = THREEPARAMOPEN(file_ok, O_WRONLY | O_CREAT | O_TRUNC, 0600);
|
||||||
file_ok);
|
if (*fd == -1) {
|
||||||
|
com_err(progname, errno, _("while creating 'ok' file, '%s'"), file_ok);
|
||||||
exit_status++;
|
exit_status++;
|
||||||
@@ -1251,7 +1251,7 @@ dump_db(argc, argv)
|
Index: krb5-1.11.1/src/krb5-config.in
|
||||||
* want to get into.
|
|
||||||
*/
|
|
||||||
unlink(ofile);
|
|
||||||
- if (!(f = fopen(ofile, "w"))) {
|
|
||||||
+ if (!(f = WRITABLEFOPEN(ofile, "w"))) {
|
|
||||||
fprintf(stderr, ofopen_error,
|
|
||||||
progname, ofile, error_message(errno));
|
|
||||||
exit_status++;
|
|
||||||
Index: krb5-1.10.2/src/krb5-config.in
|
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/krb5-config.in
|
--- krb5-1.11.1.orig/src/krb5-config.in
|
||||||
+++ krb5-1.10.2/src/krb5-config.in
|
+++ krb5-1.11.1/src/krb5-config.in
|
||||||
@@ -38,6 +38,7 @@ RPATH_FLAG='@RPATH_FLAG@'
|
@@ -41,6 +41,7 @@ DL_LIB='@DL_LIB@'
|
||||||
PROG_RPATH_FLAGS='@PROG_RPATH_FLAGS@'
|
DEFCCNAME='@DEFCCNAME@'
|
||||||
PTHREAD_CFLAGS='@PTHREAD_CFLAGS@'
|
DEFKTNAME='@DEFKTNAME@'
|
||||||
DL_LIB='@DL_LIB@'
|
DEFCKTNAME='@DEFCKTNAME@'
|
||||||
+SELINUX_LIBS='@SELINUX_LIBS@'
|
+SELINUX_LIBS='@SELINUX_LIBS@'
|
||||||
|
|
||||||
LIBS='@LIBS@'
|
LIBS='@LIBS@'
|
||||||
GEN_LIB=@GEN_LIB@
|
GEN_LIB=@GEN_LIB@
|
||||||
@@ -218,7 +219,7 @@ if test -n "$do_libs"; then
|
@@ -258,7 +259,7 @@ if test -n "$do_libs"; then
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# If we ever support a flag to generate output suitable for static
|
# If we ever support a flag to generate output suitable for static
|
||||||
@ -238,10 +251,10 @@ Index: krb5-1.10.2/src/krb5-config.in
|
|||||||
# here.
|
# here.
|
||||||
|
|
||||||
echo $lib_flags
|
echo $lib_flags
|
||||||
Index: krb5-1.10.2/src/lib/kadm5/logger.c
|
Index: krb5-1.11.1/src/lib/kadm5/logger.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/lib/kadm5/logger.c
|
--- krb5-1.11.1.orig/src/lib/kadm5/logger.c
|
||||||
+++ krb5-1.10.2/src/lib/kadm5/logger.c
|
+++ krb5-1.11.1/src/lib/kadm5/logger.c
|
||||||
@@ -423,7 +423,7 @@ krb5_klog_init(krb5_context kcontext, ch
|
@@ -423,7 +423,7 @@ krb5_klog_init(krb5_context kcontext, ch
|
||||||
* Check for append/overwrite, then open the file.
|
* Check for append/overwrite, then open the file.
|
||||||
*/
|
*/
|
||||||
@ -260,10 +273,10 @@ Index: krb5-1.10.2/src/lib/kadm5/logger.c
|
|||||||
if (f) {
|
if (f) {
|
||||||
set_cloexec_file(f);
|
set_cloexec_file(f);
|
||||||
log_control.log_entries[lindex].lfu_filep = f;
|
log_control.log_entries[lindex].lfu_filep = f;
|
||||||
Index: krb5-1.10.2/src/lib/krb5/keytab/kt_file.c
|
Index: krb5-1.11.1/src/lib/krb5/keytab/kt_file.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/lib/krb5/keytab/kt_file.c
|
--- krb5-1.11.1.orig/src/lib/krb5/keytab/kt_file.c
|
||||||
+++ krb5-1.10.2/src/lib/krb5/keytab/kt_file.c
|
+++ krb5-1.11.1/src/lib/krb5/keytab/kt_file.c
|
||||||
@@ -1039,7 +1039,7 @@ krb5_ktfileint_open(krb5_context context
|
@@ -1039,7 +1039,7 @@ krb5_ktfileint_open(krb5_context context
|
||||||
|
|
||||||
KTCHECKLOCK(id);
|
KTCHECKLOCK(id);
|
||||||
@ -282,11 +295,11 @@ Index: krb5-1.10.2/src/lib/krb5/keytab/kt_file.c
|
|||||||
if (!KTFILEP(id))
|
if (!KTFILEP(id))
|
||||||
goto report_errno;
|
goto report_errno;
|
||||||
writevno = 1;
|
writevno = 1;
|
||||||
Index: krb5-1.10.2/src/plugins/kdb/db2/adb_openclose.c
|
Index: krb5-1.11.1/src/plugins/kdb/db2/adb_openclose.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/adb_openclose.c
|
--- krb5-1.11.1.orig/src/plugins/kdb/db2/adb_openclose.c
|
||||||
+++ krb5-1.10.2/src/plugins/kdb/db2/adb_openclose.c
|
+++ krb5-1.11.1/src/plugins/kdb/db2/adb_openclose.c
|
||||||
@@ -197,7 +197,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char
|
@@ -147,7 +147,7 @@ osa_adb_init_db(osa_adb_db_t *dbp, char
|
||||||
* POSIX systems
|
* POSIX systems
|
||||||
*/
|
*/
|
||||||
lockp->lockinfo.filename = strdup(lockfilename);
|
lockp->lockinfo.filename = strdup(lockfilename);
|
||||||
@ -295,10 +308,10 @@ Index: krb5-1.10.2/src/plugins/kdb/db2/adb_openclose.c
|
|||||||
/*
|
/*
|
||||||
* maybe someone took away write permission so we could only
|
* maybe someone took away write permission so we could only
|
||||||
* get shared locks?
|
* get shared locks?
|
||||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
Index: krb5-1.11.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
--- krb5-1.11.1.orig/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
+++ krb5-1.11.1/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
||||||
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.
|
@@ -60,6 +60,7 @@ static char sccsid[] = "@(#)bt_open.c 8.
|
||||||
|
|
||||||
#include "k5-platform.h" /* mkstemp? */
|
#include "k5-platform.h" /* mkstemp? */
|
||||||
@ -316,10 +329,10 @@ Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/btree/bt_open.c
|
|||||||
goto err;
|
goto err;
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/hash/hash.c
|
Index: krb5-1.11.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/hash/hash.c
|
--- krb5-1.11.1.orig/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/hash/hash.c
|
+++ krb5-1.11.1/src/plugins/kdb/db2/libdb2/hash/hash.c
|
||||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12
|
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)hash.c 8.12
|
||||||
#include <assert.h>
|
#include <assert.h>
|
||||||
#endif
|
#endif
|
||||||
@ -337,10 +350,10 @@ Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/hash/hash.c
|
|||||||
RETURN_ERROR(errno, error0);
|
RETURN_ERROR(errno, error0);
|
||||||
(void)fcntl(hashp->fp, F_SETFD, 1);
|
(void)fcntl(hashp->fp, F_SETFD, 1);
|
||||||
}
|
}
|
||||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
Index: krb5-1.11.1/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
--- krb5-1.11.1.orig/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
+++ krb5-1.11.1/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
||||||
@@ -12,7 +12,8 @@ PROG_RPATH=$(KRB5_LIBDIR)
|
@@ -12,7 +12,8 @@ PROG_RPATH=$(KRB5_LIBDIR)
|
||||||
|
|
||||||
KRB5_RUN_ENV= @KRB5_RUN_ENV@
|
KRB5_RUN_ENV= @KRB5_RUN_ENV@
|
||||||
@ -351,56 +364,11 @@ Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/test/Makefile.in
|
|||||||
DB_DEPLIB = ../libdb$(DEPLIBEXT)
|
DB_DEPLIB = ../libdb$(DEPLIBEXT)
|
||||||
|
|
||||||
all::
|
all::
|
||||||
Index: krb5-1.10.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
Index: krb5-1.11.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
--- krb5-1.11.1.orig/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||||
+++ krb5-1.10.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
+++ krb5-1.11.1/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
||||||
@@ -1088,7 +1088,7 @@ rem_service_entry_from_file(int argc, ch
|
@@ -179,7 +179,7 @@ done:
|
||||||
|
|
||||||
/* Create a temporary file which contains all the entries except the
|
|
||||||
entry for the given service dn */
|
|
||||||
- pfile = fopen(file_name, "r+");
|
|
||||||
+ pfile = WRITABLEFOPEN(file_name, "r+");
|
|
||||||
if (pfile == NULL) {
|
|
||||||
com_err(me, errno, "while deleting entry from file %s", file_name);
|
|
||||||
goto cleanup;
|
|
||||||
@@ -1105,7 +1105,7 @@ rem_service_entry_from_file(int argc, ch
|
|
||||||
snprintf (tmp_file, strlen(file_name) + 4 + 1, "%s%s", file_name, ".tmp");
|
|
||||||
|
|
||||||
|
|
||||||
- tmpfd = creat(tmp_file, S_IRUSR|S_IWUSR);
|
|
||||||
+ tmpfd = THREEPARAMOPEN(tmp_file, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR);
|
|
||||||
umask(omask);
|
|
||||||
if (tmpfd == -1) {
|
|
||||||
com_err(me, errno, "while deleting entry from file\n");
|
|
||||||
@@ -1725,7 +1725,7 @@ kdb5_ldap_set_service_password(int argc,
|
|
||||||
|
|
||||||
printf("File does not exist. Creating the file %s...\n", file_name);
|
|
||||||
omask = umask(077);
|
|
||||||
- fd = creat(file_name, S_IRUSR|S_IWUSR);
|
|
||||||
+ fd = THREEPARAMOPEN(file_name, O_CREAT|O_WRONLY|O_TRUNC, S_IRUSR|S_IWUSR);
|
|
||||||
umask(omask);
|
|
||||||
if (fd == -1) {
|
|
||||||
com_err(me, errno, "Error creating file %s", file_name);
|
|
||||||
@@ -1753,7 +1753,7 @@ kdb5_ldap_set_service_password(int argc,
|
|
||||||
|
|
||||||
/* TODO: file lock for the service password file */
|
|
||||||
/* set password in the file */
|
|
||||||
- pfile = fopen(file_name, "r+");
|
|
||||||
+ pfile = WRITABLEFOPEN(file_name, "r+");
|
|
||||||
if (pfile == NULL) {
|
|
||||||
com_err(me, errno, "Failed to open file %s", file_name);
|
|
||||||
goto cleanup;
|
|
||||||
@@ -1794,7 +1794,7 @@ kdb5_ldap_set_service_password(int argc,
|
|
||||||
}
|
|
||||||
|
|
||||||
omask = umask(077);
|
|
||||||
- newfile = fopen(tmp_file, "w+");
|
|
||||||
+ newfile = WRITABLEFOPEN(tmp_file, "w+");
|
|
||||||
umask(omask);
|
|
||||||
if (newfile == NULL) {
|
|
||||||
com_err(me, errno, "Error creating file %s", tmp_file);
|
|
||||||
@@ -2016,7 +2016,7 @@ done:
|
|
||||||
|
|
||||||
/* set password in the file */
|
/* set password in the file */
|
||||||
old_mode = umask(0177);
|
old_mode = umask(0177);
|
||||||
@ -409,29 +377,35 @@ Index: krb5-1.10.2/src/plugins/kdb/ldap/ldap_util/kdb5_ldap_services.c
|
|||||||
if (pfile == NULL) {
|
if (pfile == NULL) {
|
||||||
com_err(me, errno, _("Failed to open file %s: %s"), file_name,
|
com_err(me, errno, _("Failed to open file %s: %s"), file_name,
|
||||||
strerror (errno));
|
strerror (errno));
|
||||||
@@ -2068,7 +2068,7 @@ done:
|
@@ -220,6 +220,9 @@ done:
|
||||||
|
* Delete the existing entry and add the new entry
|
||||||
|
*/
|
||||||
|
FILE *newfile;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ void *selabel;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
mode_t omask;
|
||||||
|
|
||||||
|
@@ -231,7 +234,13 @@ done:
|
||||||
}
|
}
|
||||||
|
|
||||||
omask = umask(077);
|
omask = umask(077);
|
||||||
- newfile = fopen(tmp_file, "w");
|
+#ifdef USE_SELINUX
|
||||||
+ newfile = WRITABLEFOPEN(tmp_file, "w");
|
+ selabel = krb5int_push_fscreatecon_for(file_name);
|
||||||
|
+#endif
|
||||||
|
newfile = fopen(tmp_file, "w");
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ krb5int_pop_fscreatecon(selabel);
|
||||||
|
+#endif
|
||||||
umask (omask);
|
umask (omask);
|
||||||
if (newfile == NULL) {
|
if (newfile == NULL) {
|
||||||
com_err(me, errno, _("Error creating file %s"), tmp_file);
|
com_err(me, errno, _("Error creating file %s"), tmp_file);
|
||||||
Index: krb5-1.10.2/src/slave/kpropd.c
|
Index: krb5-1.11.1/src/slave/kpropd.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/slave/kpropd.c
|
--- krb5-1.11.1.orig/src/slave/kpropd.c
|
||||||
+++ krb5-1.10.2/src/slave/kpropd.c
|
+++ krb5-1.11.1/src/slave/kpropd.c
|
||||||
@@ -336,7 +336,7 @@ retry:
|
@@ -459,6 +459,9 @@ void doit(fd)
|
||||||
if (!debug && iproprole != IPROP_SLAVE)
|
|
||||||
daemon(1, 0);
|
|
||||||
#ifdef PID_FILE
|
|
||||||
- if ((pidfile = fopen(PID_FILE, "w")) != NULL) {
|
|
||||||
+ if ((pidfile = WRITABLEFOPEN(PID_FILE, "w")) != NULL) {
|
|
||||||
fprintf(pidfile, "%d\n", getpid());
|
|
||||||
fclose(pidfile);
|
|
||||||
} else
|
|
||||||
@@ -437,6 +437,9 @@ void doit(fd)
|
|
||||||
krb5_enctype etype;
|
krb5_enctype etype;
|
||||||
int database_fd;
|
int database_fd;
|
||||||
char host[INET6_ADDRSTRLEN+1];
|
char host[INET6_ADDRSTRLEN+1];
|
||||||
@ -439,9 +413,9 @@ Index: krb5-1.10.2/src/slave/kpropd.c
|
|||||||
+ void *selabel;
|
+ void *selabel;
|
||||||
+#endif
|
+#endif
|
||||||
|
|
||||||
if (kpropd_context->kdblog_context &&
|
signal_wrapper(SIGALRM, alarm_handler);
|
||||||
kpropd_context->kdblog_context->iproprole == IPROP_SLAVE) {
|
alarm(params.iprop_resync_timeout);
|
||||||
@@ -515,9 +518,15 @@ void doit(fd)
|
@@ -516,9 +519,15 @@ void doit(fd)
|
||||||
free(name);
|
free(name);
|
||||||
exit(1);
|
exit(1);
|
||||||
}
|
}
|
||||||
@ -457,10 +431,10 @@ Index: krb5-1.10.2/src/slave/kpropd.c
|
|||||||
retval = krb5_lock_file(kpropd_context, lock_fd,
|
retval = krb5_lock_file(kpropd_context, lock_fd,
|
||||||
KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
|
KRB5_LOCKMODE_EXCLUSIVE|KRB5_LOCKMODE_DONTBLOCK);
|
||||||
if (retval) {
|
if (retval) {
|
||||||
Index: krb5-1.10.2/src/util/profile/prof_file.c
|
Index: krb5-1.11.1/src/util/profile/prof_file.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/util/profile/prof_file.c
|
--- krb5-1.11.1.orig/src/util/profile/prof_file.c
|
||||||
+++ krb5-1.10.2/src/util/profile/prof_file.c
|
+++ krb5-1.11.1/src/util/profile/prof_file.c
|
||||||
@@ -30,6 +30,7 @@
|
@@ -30,6 +30,7 @@
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
@ -478,10 +452,10 @@ Index: krb5-1.10.2/src/util/profile/prof_file.c
|
|||||||
if (!f) {
|
if (!f) {
|
||||||
retval = errno;
|
retval = errno;
|
||||||
if (retval == 0)
|
if (retval == 0)
|
||||||
Index: krb5-1.10.2/src/util/support/Makefile.in
|
Index: krb5-1.11.1/src/util/support/Makefile.in
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/util/support/Makefile.in
|
--- krb5-1.11.1.orig/src/util/support/Makefile.in
|
||||||
+++ krb5-1.10.2/src/util/support/Makefile.in
|
+++ krb5-1.11.1/src/util/support/Makefile.in
|
||||||
@@ -64,6 +64,7 @@ IPC_SYMS= \
|
@@ -64,6 +64,7 @@ IPC_SYMS= \
|
||||||
|
|
||||||
STLIBOBJS= \
|
STLIBOBJS= \
|
||||||
@ -490,7 +464,7 @@ Index: krb5-1.10.2/src/util/support/Makefile.in
|
|||||||
init-addrinfo.o \
|
init-addrinfo.o \
|
||||||
plugins.o \
|
plugins.o \
|
||||||
errors.o \
|
errors.o \
|
||||||
@@ -127,7 +128,7 @@ SRCS=\
|
@@ -135,7 +136,7 @@ SRCS=\
|
||||||
|
|
||||||
SHLIB_EXPDEPS =
|
SHLIB_EXPDEPS =
|
||||||
# Add -lm if dumping thread stats, for sqrt.
|
# Add -lm if dumping thread stats, for sqrt.
|
||||||
@ -499,13 +473,13 @@ Index: krb5-1.10.2/src/util/support/Makefile.in
|
|||||||
SHLIB_DIRS=
|
SHLIB_DIRS=
|
||||||
SHLIB_RDIRS=$(KRB5_LIBDIR)
|
SHLIB_RDIRS=$(KRB5_LIBDIR)
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/util/support/selinux.c
|
Index: krb5-1.11.1/src/util/support/selinux.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- /dev/null
|
--- /dev/null
|
||||||
+++ krb5-1.10.2/src/util/support/selinux.c
|
+++ krb5-1.11.1/src/util/support/selinux.c
|
||||||
@@ -0,0 +1,372 @@
|
@@ -0,0 +1,405 @@
|
||||||
+/*
|
+/*
|
||||||
+ * Copyright 2007,2008,2009,2011 Red Hat, Inc. All Rights Reserved.
|
+ * Copyright 2007,2008,2009,2011,2012 Red Hat, Inc. All Rights Reserved.
|
||||||
+ *
|
+ *
|
||||||
+ * Redistribution and use in source and binary forms, with or without
|
+ * Redistribution and use in source and binary forms, with or without
|
||||||
+ * modification, are permitted provided that the following conditions are met:
|
+ * modification, are permitted provided that the following conditions are met:
|
||||||
@ -542,7 +516,7 @@ Index: krb5-1.10.2/src/util/support/selinux.c
|
|||||||
+#ifdef USE_SELINUX
|
+#ifdef USE_SELINUX
|
||||||
+
|
+
|
||||||
+#include <k5-label.h>
|
+#include <k5-label.h>
|
||||||
+#include <k5-thread.h>
|
+#include <k5-platform.h>
|
||||||
+#include <sys/types.h>
|
+#include <sys/types.h>
|
||||||
+#include <sys/stat.h>
|
+#include <sys/stat.h>
|
||||||
+#include <errno.h>
|
+#include <errno.h>
|
||||||
@ -573,15 +547,28 @@ Index: krb5-1.10.2/src/util/support/selinux.c
|
|||||||
+ k5_mutex_finish_init(&labeled_mutex);
|
+ k5_mutex_finish_init(&labeled_mutex);
|
||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
|
+#ifdef HAVE_SELINUX_LABEL_H
|
||||||
|
+static struct selabel_handle *selabel_ctx;
|
||||||
|
+static time_t selabel_last_changed;
|
||||||
|
+
|
||||||
|
+MAKE_FINI_FUNCTION(cleanup_fscreatecon);
|
||||||
|
+
|
||||||
|
+static void
|
||||||
|
+cleanup_fscreatecon(void)
|
||||||
|
+{
|
||||||
|
+ if (selabel_ctx != NULL) {
|
||||||
|
+ selabel_close(selabel_ctx);
|
||||||
|
+ selabel_ctx = NULL;
|
||||||
|
+ }
|
||||||
|
+}
|
||||||
|
+#endif
|
||||||
|
+
|
||||||
+static security_context_t
|
+static security_context_t
|
||||||
+push_fscreatecon(const char *pathname, mode_t mode)
|
+push_fscreatecon(const char *pathname, mode_t mode)
|
||||||
+{
|
+{
|
||||||
+ security_context_t previous, configuredsc, currentsc, derivedsc;
|
+ security_context_t previous, configuredsc, currentsc, derivedsc;
|
||||||
+ context_t current, derived;
|
+ context_t current, derived;
|
||||||
+ const char *fullpath, *currentuser;
|
+ const char *fullpath, *currentuser;
|
||||||
+#ifdef HAVE_SELINUX_LABEL_H
|
|
||||||
+ struct selabel_handle *ctx;
|
|
||||||
+#endif
|
|
||||||
+
|
+
|
||||||
+ previous = NULL;
|
+ previous = NULL;
|
||||||
+ if (is_selinux_enabled()) {
|
+ if (is_selinux_enabled()) {
|
||||||
@ -622,18 +609,37 @@ Index: krb5-1.10.2/src/util/support/selinux.c
|
|||||||
+#endif
|
+#endif
|
||||||
+ configuredsc = NULL;
|
+ configuredsc = NULL;
|
||||||
+#ifdef HAVE_SELINUX_LABEL_H
|
+#ifdef HAVE_SELINUX_LABEL_H
|
||||||
+ ctx = selabel_open(SELABEL_CTX_FILE, NULL, 0);
|
+ if ((selabel_ctx != NULL) ||
|
||||||
+ if (ctx != NULL) {
|
+ (selabel_last_changed == 0)) {
|
||||||
+ if (selabel_lookup(ctx, &configuredsc,
|
+ const char *cpath;
|
||||||
|
+ struct stat st;
|
||||||
|
+ int i = -1;
|
||||||
|
+ cpath = selinux_file_context_path();
|
||||||
|
+ if ((cpath == NULL) ||
|
||||||
|
+ ((i = stat(cpath, &st)) != 0) ||
|
||||||
|
+ (st.st_mtime != selabel_last_changed)) {
|
||||||
|
+ if (selabel_ctx != NULL) {
|
||||||
|
+ selabel_close(selabel_ctx);
|
||||||
|
+ selabel_ctx = NULL;
|
||||||
|
+ }
|
||||||
|
+ selabel_last_changed = i ?
|
||||||
|
+ time(NULL) :
|
||||||
|
+ st.st_mtime;
|
||||||
|
+ }
|
||||||
|
+ }
|
||||||
|
+ if (selabel_ctx == NULL) {
|
||||||
|
+ selabel_ctx = selabel_open(SELABEL_CTX_FILE,
|
||||||
|
+ NULL, 0);
|
||||||
|
+ }
|
||||||
|
+ if (selabel_ctx != NULL) {
|
||||||
|
+ if (selabel_lookup(selabel_ctx, &configuredsc,
|
||||||
+ fullpath, mode) != 0) {
|
+ fullpath, mode) != 0) {
|
||||||
+ selabel_close(ctx);
|
|
||||||
+ free(genpath);
|
+ free(genpath);
|
||||||
+ if (previous != NULL) {
|
+ if (previous != NULL) {
|
||||||
+ freecon(previous);
|
+ freecon(previous);
|
||||||
+ }
|
+ }
|
||||||
+ return NULL;
|
+ return NULL;
|
||||||
+ }
|
+ }
|
||||||
+ selabel_close(ctx);
|
|
||||||
+ }
|
+ }
|
||||||
+#else
|
+#else
|
||||||
+ if (matchpathcon(fullpath, mode, &configuredsc) != 0) {
|
+ if (matchpathcon(fullpath, mode, &configuredsc) != 0) {
|
||||||
@ -756,7 +762,8 @@ Index: krb5-1.10.2/src/util/support/selinux.c
|
|||||||
+ int errno_save;
|
+ int errno_save;
|
||||||
+ security_context_t ctx;
|
+ security_context_t ctx;
|
||||||
+
|
+
|
||||||
+ if (strcmp(mode, "r") == 0) {
|
+ if ((strcmp(mode, "r") == 0) ||
|
||||||
|
+ (strcmp(mode, "rb") == 0)) {
|
||||||
+ return fopen(path, mode);
|
+ return fopen(path, mode);
|
||||||
+ }
|
+ }
|
||||||
+
|
+
|
||||||
@ -876,10 +883,10 @@ Index: krb5-1.10.2/src/util/support/selinux.c
|
|||||||
+}
|
+}
|
||||||
+
|
+
|
||||||
+#endif
|
+#endif
|
||||||
Index: krb5-1.10.2/src/lib/krb5/rcache/rc_dfl.c
|
Index: krb5-1.11.1/src/lib/krb5/rcache/rc_dfl.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/lib/krb5/rcache/rc_dfl.c
|
--- krb5-1.11.1.orig/src/lib/krb5/rcache/rc_dfl.c
|
||||||
+++ krb5-1.10.2/src/lib/krb5/rcache/rc_dfl.c
|
+++ krb5-1.11.1/src/lib/krb5/rcache/rc_dfl.c
|
||||||
@@ -812,6 +812,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
@@ -812,6 +812,9 @@ krb5_rc_dfl_expunge_locked(krb5_context
|
||||||
krb5_error_code retval = 0;
|
krb5_error_code retval = 0;
|
||||||
krb5_rcache tmp;
|
krb5_rcache tmp;
|
||||||
@ -908,11 +915,48 @@ Index: krb5-1.10.2/src/lib/krb5/rcache/rc_dfl.c
|
|||||||
if (retval)
|
if (retval)
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
for (q = t->a; q; q = q->na) {
|
for (q = t->a; q; q = q->na) {
|
||||||
Index: krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c
|
Index: krb5-1.11.1/src/lib/krb5/ccache/cc_dir.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/kdb_db2.c
|
--- krb5-1.11.1.orig/src/lib/krb5/ccache/cc_dir.c
|
||||||
+++ krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c
|
+++ krb5-1.11.1/src/lib/krb5/ccache/cc_dir.c
|
||||||
@@ -683,8 +683,8 @@ ctx_create_db(krb5_context context, krb5
|
@@ -185,10 +185,19 @@ write_primary_file(const char *primary_p
|
||||||
|
char *newpath = NULL;
|
||||||
|
FILE *fp = NULL;
|
||||||
|
int fd = -1, status;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ void *selabel;
|
||||||
|
+#endif
|
||||||
|
|
||||||
|
if (asprintf(&newpath, "%s.XXXXXX", primary_path) < 0)
|
||||||
|
return ENOMEM;
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ selabel = krb5int_push_fscreatecon_for(primary_path);
|
||||||
|
+#endif
|
||||||
|
fd = mkstemp(newpath);
|
||||||
|
+#ifdef USE_SELINUX
|
||||||
|
+ krb5int_pop_fscreatecon(selabel);
|
||||||
|
+#endif
|
||||||
|
if (fd < 0)
|
||||||
|
goto cleanup;
|
||||||
|
#ifdef HAVE_CHMOD
|
||||||
|
Index: krb5-1.11.1/src/lib/krb5/os/trace.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.11.1.orig/src/lib/krb5/os/trace.c
|
||||||
|
+++ krb5-1.11.1/src/lib/krb5/os/trace.c
|
||||||
|
@@ -401,7 +401,7 @@ krb5_set_trace_filename(krb5_context con
|
||||||
|
fd = malloc(sizeof(*fd));
|
||||||
|
if (fd == NULL)
|
||||||
|
return ENOMEM;
|
||||||
|
- *fd = open(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||||
|
+ *fd = THREEPARAMOPEN(filename, O_WRONLY|O_CREAT|O_APPEND, 0600);
|
||||||
|
if (*fd == -1) {
|
||||||
|
free(fd);
|
||||||
|
return errno;
|
||||||
|
Index: krb5-1.11.1/src/plugins/kdb/db2/kdb_db2.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.11.1.orig/src/plugins/kdb/db2/kdb_db2.c
|
||||||
|
+++ krb5-1.11.1/src/plugins/kdb/db2/kdb_db2.c
|
||||||
|
@@ -681,8 +681,8 @@ ctx_create_db(krb5_context context, krb5
|
||||||
if (retval)
|
if (retval)
|
||||||
return retval;
|
return retval;
|
||||||
|
|
||||||
@ -923,10 +967,10 @@ Index: krb5-1.10.2/src/plugins/kdb/db2/kdb_db2.c
|
|||||||
if (dbc->db_lf_file < 0) {
|
if (dbc->db_lf_file < 0) {
|
||||||
retval = errno;
|
retval = errno;
|
||||||
goto cleanup;
|
goto cleanup;
|
||||||
Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
Index: krb5-1.11.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
--- krb5-1.11.1.orig/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||||
+++ krb5-1.10.2/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
+++ krb5-1.11.1/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
||||||
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8
|
@@ -51,6 +51,7 @@ static char sccsid[] = "@(#)rec_open.c 8
|
||||||
#include <stdio.h>
|
#include <stdio.h>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
@ -945,11 +989,11 @@ Index: krb5-1.10.2/src/plugins/kdb/db2/libdb2/recno/rec_open.c
|
|||||||
return (NULL);
|
return (NULL);
|
||||||
|
|
||||||
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
if (fname != NULL && fcntl(rfd, F_SETFD, 1) == -1) {
|
||||||
Index: krb5-1.10.2/src/kdc/main.c
|
Index: krb5-1.11.1/src/kdc/main.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/kdc/main.c
|
--- krb5-1.11.1.orig/src/kdc/main.c
|
||||||
+++ krb5-1.10.2/src/kdc/main.c
|
+++ krb5-1.11.1/src/kdc/main.c
|
||||||
@@ -909,7 +909,7 @@ write_pid_file(const char *path)
|
@@ -902,7 +902,7 @@ write_pid_file(const char *path)
|
||||||
FILE *file;
|
FILE *file;
|
||||||
unsigned long pid;
|
unsigned long pid;
|
||||||
|
|
||||||
@ -958,23 +1002,23 @@ Index: krb5-1.10.2/src/kdc/main.c
|
|||||||
if (file == NULL)
|
if (file == NULL)
|
||||||
return errno;
|
return errno;
|
||||||
pid = (unsigned long) getpid();
|
pid = (unsigned long) getpid();
|
||||||
Index: krb5-1.10.2/src/lib/kdb/kdb_log.c
|
Index: krb5-1.11.1/src/lib/kdb/kdb_log.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/lib/kdb/kdb_log.c
|
--- krb5-1.11.1.orig/src/lib/kdb/kdb_log.c
|
||||||
+++ krb5-1.10.2/src/lib/kdb/kdb_log.c
|
+++ krb5-1.11.1/src/lib/kdb/kdb_log.c
|
||||||
@@ -566,7 +566,7 @@ ulog_map(krb5_context context, const cha
|
@@ -604,7 +604,7 @@ ulog_map(krb5_context context, const cha
|
||||||
return (errno);
|
return (errno);
|
||||||
}
|
}
|
||||||
|
|
||||||
- if ((ulogfd = open(logname, O_RDWR+O_CREAT, 0600)) == -1) {
|
- ulogfd = open(logname, O_RDWR | O_CREAT, 0600);
|
||||||
+ if ((ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600)) == -1) {
|
+ ulogfd = THREEPARAMOPEN(logname, O_RDWR | O_CREAT, 0600);
|
||||||
|
if (ulogfd == -1) {
|
||||||
return (errno);
|
return (errno);
|
||||||
}
|
}
|
||||||
|
Index: krb5-1.11.1/src/util/gss-kernel-lib/Makefile.in
|
||||||
Index: krb5-1.10.2/src/util/gss-kernel-lib/Makefile.in
|
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/util/gss-kernel-lib/Makefile.in
|
--- krb5-1.11.1.orig/src/util/gss-kernel-lib/Makefile.in
|
||||||
+++ krb5-1.10.2/src/util/gss-kernel-lib/Makefile.in
|
+++ krb5-1.11.1/src/util/gss-kernel-lib/Makefile.in
|
||||||
@@ -66,6 +66,7 @@ HEADERS= \
|
@@ -66,6 +66,7 @@ HEADERS= \
|
||||||
gssapi_err_generic.h \
|
gssapi_err_generic.h \
|
||||||
k5-int.h \
|
k5-int.h \
|
3
krb5-1.11.1.tar.bz2
Normal file
3
krb5-1.11.1.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
|||||||
|
version https://git-lfs.github.com/spec/v1
|
||||||
|
oid sha256:7994928de3fbaeaef4862798ad1608c8bd886b91cc15de7b49d6c3c3cadc1d0d
|
||||||
|
size 9433869
|
@ -1,9 +0,0 @@
|
|||||||
--- doc/man2html
|
|
||||||
+++ doc/man2html 2004/10/18 16:20:53
|
|
||||||
@@ -1,5 +1,4 @@
|
|
||||||
-#!/usr/athena/bin/perl
|
|
||||||
-#!/usr/local/bin/perl
|
|
||||||
+#!/usr/bin/perl
|
|
||||||
##---------------------------------------------------------------------------##
|
|
||||||
## File:
|
|
||||||
## @(#) man2html 1.2 97/08/12 12:57:30 @(#)
|
|
@ -1,11 +1,11 @@
|
|||||||
Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M
|
Index: krb5-1.11/src/man/ktutil.man
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.6.3.orig/src/kadmin/ktutil/ktutil.M
|
--- krb5-1.11.orig/src/man/ktutil.man
|
||||||
+++ krb5-1.6.3/src/kadmin/ktutil/ktutil.M
|
+++ krb5-1.11/src/man/ktutil.man
|
||||||
@@ -63,5 +63,17 @@ Quits
|
@@ -158,6 +158,18 @@ ktutil:
|
||||||
Aliases:
|
.fi
|
||||||
.BR exit ,
|
.UNINDENT
|
||||||
.BR q .
|
.UNINDENT
|
||||||
+.SH REMARKS
|
+.SH REMARKS
|
||||||
+Changes to the keytab are appended to the keytab file (i.e., the keytab file
|
+Changes to the keytab are appended to the keytab file (i.e., the keytab file
|
||||||
+is never overwritten). To directly modify a keytab, save the changes to a
|
+is never overwritten). To directly modify a keytab, save the changes to a
|
||||||
@ -19,4 +19,5 @@ Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M
|
|||||||
+ktutil> q
|
+ktutil> q
|
||||||
+# mv /tmp/krb5.newtab /etc/krb5.keytab
|
+# mv /tmp/krb5.newtab /etc/krb5.keytab
|
||||||
.SH SEE ALSO
|
.SH SEE ALSO
|
||||||
kadmin(8), kdb5_util(8)
|
.sp
|
||||||
|
\fIkadmin(1)\fP, \fIkdb5_util(8)\fP
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
appl/sample/sserver/sserver.M
|
|
||||||
config-files/kdc.conf.M
|
|
||||||
config-files/krb5.conf.M
|
|
||||||
gen-manpages/kerberos.M
|
|
||||||
kadmin/cli/kadmin.M
|
|
||||||
slave/kpropd.M
|
|
||||||
slave/kprop.M
|
|
30
krb5-1.9-debuginfo.patch
Normal file
30
krb5-1.9-debuginfo.patch
Normal file
@ -0,0 +1,30 @@
|
|||||||
|
We want to keep these y.tab.c files around because the debuginfo points to
|
||||||
|
them. It would be more elegant at the end to use symbolic links, but that
|
||||||
|
could mess up people working in the tree on other things.
|
||||||
|
|
||||||
|
Index: src/kadmin/cli/Makefile.in
|
||||||
|
===================================================================
|
||||||
|
--- src/kadmin/cli/Makefile.in.orig
|
||||||
|
+++ src/kadmin/cli/Makefile.in
|
||||||
|
@@ -40,3 +40,8 @@ clean-unix::
|
||||||
|
# CC_LINK is not meant for compilation and this use may break in the future.
|
||||||
|
datetest: getdate.c
|
||||||
|
$(CC_LINK) $(ALL_CFLAGS) -DTEST -o datetest getdate.c
|
||||||
|
+
|
||||||
|
+%.c: %.y
|
||||||
|
+ $(RM) y.tab.c $@
|
||||||
|
+ $(YACC.y) $<
|
||||||
|
+ $(CP) y.tab.c $@
|
||||||
|
Index: src/plugins/kdb/ldap/ldap_util/Makefile.in
|
||||||
|
===================================================================
|
||||||
|
--- src/plugins/kdb/ldap/ldap_util/Makefile.in.orig
|
||||||
|
+++ src/plugins/kdb/ldap/ldap_util/Makefile.in
|
||||||
|
@@ -22,7 +22,7 @@ $(PROG): $(OBJS) $(KADMSRV_DEPLIBS) $(KR
|
||||||
|
getdate.c: $(GETDATE)
|
||||||
|
$(RM) getdate.c y.tab.c
|
||||||
|
$(YACC) $(GETDATE)
|
||||||
|
- $(MV) y.tab.c getdate.c
|
||||||
|
+ $(CP) y.tab.c getdate.c
|
||||||
|
|
||||||
|
install::
|
||||||
|
$(INSTALL_PROGRAM) $(PROG) ${DESTDIR}$(ADMIN_BINDIR)/$(PROG)
|
@ -1,10 +1,10 @@
|
|||||||
Use an in-memory ccache to silence a compiler warning, for RT#6414.
|
Use an in-memory ccache to silence a compiler warning, for RT#6414.
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/slave/kprop.c
|
Index: krb5-1.11/src/slave/kprop.c
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/slave/kprop.c
|
--- krb5-1.11.orig/src/slave/kprop.c
|
||||||
+++ krb5-1.10.2/src/slave/kprop.c
|
+++ krb5-1.11/src/slave/kprop.c
|
||||||
@@ -186,9 +186,8 @@ void PRS(argc, argv)
|
@@ -187,9 +187,8 @@ void PRS(argc, argv)
|
||||||
void get_tickets(context)
|
void get_tickets(context)
|
||||||
krb5_context context;
|
krb5_context context;
|
||||||
{
|
{
|
||||||
@ -15,7 +15,7 @@ Index: krb5-1.10.2/src/slave/kprop.c
|
|||||||
krb5_keytab keytab = NULL;
|
krb5_keytab keytab = NULL;
|
||||||
|
|
||||||
/*
|
/*
|
||||||
@@ -229,11 +228,8 @@ void get_tickets(context)
|
@@ -230,11 +229,8 @@ void get_tickets(context)
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -3,206 +3,16 @@ values can be dropped in by config.status. After applying this patch,
|
|||||||
these files should be renamed to their ".in" counterparts, and then the
|
these files should be renamed to their ".in" counterparts, and then the
|
||||||
configure scripts should be rebuilt. Originally RT#6525
|
configure scripts should be rebuilt. Originally RT#6525
|
||||||
|
|
||||||
Index: krb5-1.10.2/src/aclocal.m4
|
Index: krb5-1.11/src/man/kpropd.man
|
||||||
===================================================================
|
===================================================================
|
||||||
--- krb5-1.10.2.orig/src/aclocal.m4
|
--- krb5-1.11.orig/src/man/kpropd.man
|
||||||
+++ krb5-1.10.2/src/aclocal.m4
|
+++ krb5-1.11/src/man/kpropd.man
|
||||||
@@ -1743,3 +1743,24 @@ AC_SUBST(PAM_LIBS)
|
@@ -63,7 +63,7 @@ the \fB/etc/inetd.conf\fP file which loo
|
||||||
AC_SUBST(PAM_MAN)
|
.sp
|
||||||
AC_SUBST(NON_PAM_MAN)
|
.nf
|
||||||
])dnl
|
.ft C
|
||||||
+AC_DEFUN(V5_AC_OUTPUT_MANPAGE,[
|
|
||||||
+mansysconfdir=$sysconfdir
|
|
||||||
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$prefix,g"`
|
|
||||||
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
||||||
+mansbindir=$sbindir
|
|
||||||
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$exec_prefix,g"`
|
|
||||||
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$prefix,g"`
|
|
||||||
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
||||||
+manlocalstatedir=$localstatedir
|
|
||||||
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$prefix,g"`
|
|
||||||
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
||||||
+manlibexecdir=$libexecdir
|
|
||||||
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$exec_prefix,g"`
|
|
||||||
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$prefix,g"`
|
|
||||||
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
||||||
+AC_SUBST(mansysconfdir)
|
|
||||||
+AC_SUBST(mansbindir)
|
|
||||||
+AC_SUBST(manlocalstatedir)
|
|
||||||
+AC_SUBST(manlibexecdir)
|
|
||||||
+AC_CONFIG_FILES($1)
|
|
||||||
+])
|
|
||||||
Index: krb5-1.10.2/src/configure.in
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/configure.in
|
|
||||||
+++ krb5-1.10.2/src/configure.in
|
|
||||||
@@ -1249,6 +1249,17 @@ AC_SUBST(localedir)
|
|
||||||
KRB5_WITH_PAM
|
|
||||||
|
|
||||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
|
||||||
+
|
|
||||||
+V5_AC_OUTPUT_MANPAGE([
|
|
||||||
+ appl/sample/sserver/sserver.M
|
|
||||||
+ config-files/kdc.conf.M
|
|
||||||
+ config-files/krb5.conf.M
|
|
||||||
+ gen-manpages/kerberos.M
|
|
||||||
+ kadmin/cli/kadmin.M
|
|
||||||
+ slave/kpropd.M
|
|
||||||
+ slave/kprop.M
|
|
||||||
+])
|
|
||||||
+
|
|
||||||
V5_AC_OUTPUT_MAKEFILE(.
|
|
||||||
|
|
||||||
util util/support util/profile util/profile/testmod util/send-pr
|
|
||||||
Index: krb5-1.10.2/src/appl/sample/sserver/sserver.M
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/appl/sample/sserver/sserver.M
|
|
||||||
+++ krb5-1.10.2/src/appl/sample/sserver/sserver.M
|
|
||||||
@@ -59,7 +59,7 @@ option allows for a different keytab tha
|
|
||||||
using a line in
|
|
||||||
/etc/inetd.conf that looks like this:
|
|
||||||
.PP
|
|
||||||
-sample stream tcp nowait root /usr/local/sbin/sserver sserver
|
|
||||||
+sample stream tcp nowait root @mansbindir@/sserver sserver
|
|
||||||
.PP
|
|
||||||
Since \fBsample\fP is normally not a port defined in /etc/services, you will
|
|
||||||
usually have to add a line to /etc/services which looks like this:
|
|
||||||
Index: krb5-1.10.2/src/config-files/kdc.conf.M
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/config-files/kdc.conf.M
|
|
||||||
+++ krb5-1.10.2/src/config-files/kdc.conf.M
|
|
||||||
@@ -92,14 +92,14 @@ This
|
|
||||||
.B string
|
|
||||||
specifies the location of the access control list (acl) file that
|
|
||||||
kadmin uses to determine which principals are allowed which permissions
|
|
||||||
-on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
|
|
||||||
+on the database. The default value is @manlocalstatedir@/krb5kdc/kadm5.acl.
|
|
||||||
|
|
||||||
.IP admin_keytab
|
|
||||||
This
|
|
||||||
.B string
|
|
||||||
Specifies the location of the keytab file that kadmin uses to
|
|
||||||
authenticate to the database. The default value is
|
|
||||||
-/usr/local/var/krb5kdc/kadm5.keytab.
|
|
||||||
+@manlocalstatedir@/krb5kdc/kadm5.keytab.
|
|
||||||
|
|
||||||
.IP database_name
|
|
||||||
This
|
|
||||||
@@ -274,7 +274,7 @@ tickets should be checked against the tr
|
|
||||||
realm names and the [capaths] section of its krb5.conf file
|
|
||||||
|
|
||||||
.SH FILES
|
|
||||||
-/usr/local/var/krb5kdc/kdc.conf
|
|
||||||
+@manlocalstatedir@/krb5kdc/kdc.conf
|
|
||||||
|
|
||||||
.SH SEE ALSO
|
|
||||||
krb5.conf(5), krb5kdc(8)
|
|
||||||
Index: krb5-1.10.2/src/config-files/krb5.conf.M
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/config-files/krb5.conf.M
|
|
||||||
+++ krb5-1.10.2/src/config-files/krb5.conf.M
|
|
||||||
@@ -808,6 +808,6 @@ This module implements the encrypted cha
|
|
||||||
This module implements the encrypted timestamp mechanism.
|
|
||||||
|
|
||||||
.SH FILES
|
|
||||||
-/etc/krb5.conf
|
|
||||||
+@mansysconfdir@/krb5.conf
|
|
||||||
.SH SEE ALSO
|
|
||||||
syslog(3)
|
|
||||||
Index: krb5-1.10.2/src/gen-manpages/kerberos.M
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/gen-manpages/kerberos.M
|
|
||||||
+++ krb5-1.10.2/src/gen-manpages/kerberos.M
|
|
||||||
@@ -125,7 +125,7 @@ default is /etc/krb5.conf.
|
|
||||||
Specifies the location of the KDC configuration file, which contains
|
|
||||||
additional configuration directives for the Key Distribution Center
|
|
||||||
daemon and associated programs. The default is
|
|
||||||
-/usr/local/var/krb5kdc/kdc.conf.
|
|
||||||
+@manlocalstatedir@/krb5kdc/kdc.conf.
|
|
||||||
.TP
|
|
||||||
.B KRB5RCACHETYPE
|
|
||||||
Specifies the default type of replay cache to use for servers. Valid
|
|
||||||
Index: krb5-1.10.2/src/kadmin/cli/kadmin.M
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/kadmin/cli/kadmin.M
|
|
||||||
+++ krb5-1.10.2/src/kadmin/cli/kadmin.M
|
|
||||||
@@ -924,9 +924,9 @@ option is specified, less verbose status
|
|
||||||
.RS
|
|
||||||
.TP
|
|
||||||
EXAMPLE:
|
|
||||||
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
|
|
||||||
+kadmin: ktremove -k @manlocalstatedir@/krb5kdc/kadmind.keytab kadmin/admin
|
|
||||||
Entry for principal kadmin/admin with kvno 3 removed
|
|
||||||
- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
|
|
||||||
+ from keytab WRFILE:@manlocalstatedir@/krb5kdc/kadmind.keytab.
|
|
||||||
kadmin:
|
|
||||||
.RE
|
|
||||||
.fi
|
|
||||||
Index: krb5-1.10.2/src/slave/kpropd.M
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/slave/kpropd.M
|
|
||||||
+++ krb5-1.10.2/src/slave/kpropd.M
|
|
||||||
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
|
|
||||||
This is done by adding a line to the inetd.conf file which looks like
|
|
||||||
this:
|
|
||||||
|
|
||||||
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
||||||
+kprop stream tcp nowait root @mansbindir@/kpropd kpropd
|
+kprop stream tcp nowait root @SBINDIR@/kpropd kpropd
|
||||||
|
.ft P
|
||||||
However, kpropd can also run as a standalone daemon, if the
|
.fi
|
||||||
.B \-S
|
.UNINDENT
|
||||||
@@ -111,13 +111,13 @@ is used.
|
|
||||||
\fB\-f\fP \fIfile\fP
|
|
||||||
specifies the filename where the dumped principal database file is to be
|
|
||||||
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
|
|
||||||
-(normally /usr/local/var/krb5kdc/from_master).
|
|
||||||
+(normally @manlocalstatedir@/krb5kdc/from_master).
|
|
||||||
.TP
|
|
||||||
.B \-p
|
|
||||||
allows the user to specify the pathname to the
|
|
||||||
.IR kdb5_util (8)
|
|
||||||
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
|
|
||||||
-(normally /usr/local/sbin/kdb5_util).
|
|
||||||
+(normally @mansbindir@/kdb5_util).
|
|
||||||
.TP
|
|
||||||
.B \-S
|
|
||||||
turn on standalone mode. Normally, kpropd is invoked out of
|
|
||||||
@@ -148,14 +148,14 @@ mode.
|
|
||||||
allows the user to specify the path to the
|
|
||||||
kpropd.acl
|
|
||||||
file; by default the path used is KPROPD_ACL_FILE
|
|
||||||
-(normally /usr/local/var/krb5kdc/kpropd.acl).
|
|
||||||
+(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
|
|
||||||
.SH FILES
|
|
||||||
.TP "\w'kpropd.acl\ \ 'u"
|
|
||||||
kpropd.acl
|
|
||||||
Access file for
|
|
||||||
.BR kpropd ;
|
|
||||||
the default location is KPROPD_ACL_FILE (normally
|
|
||||||
-/usr/local/var/krb5kdc/kpropd.acl).
|
|
||||||
+@manlocalstatedir@/krb5kdc/kpropd.acl).
|
|
||||||
Each entry is a line containing the principal of a host from which the
|
|
||||||
local machine will allow Kerberos database propagation via kprop.
|
|
||||||
.SH SEE ALSO
|
|
||||||
Index: krb5-1.10.2/src/slave/kprop.M
|
|
||||||
===================================================================
|
|
||||||
--- krb5-1.10.2.orig/src/slave/kprop.M
|
|
||||||
+++ krb5-1.10.2/src/slave/kprop.M
|
|
||||||
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
|
|
||||||
This is done by transmitting the dumped database file to the slave
|
|
||||||
server over an encrypted, secure channel. The dump file must be created
|
|
||||||
by kdb5_util, and is normally KPROP_DEFAULT_FILE
|
|
||||||
-(/usr/local/var/krb5kdc/slave_datatrans).
|
|
||||||
+(@manlocalstatedir@/krb5kdc/slave_datatrans).
|
|
||||||
.SH OPTIONS
|
|
||||||
.TP
|
|
||||||
\fB\-r\fP \fIrealm\fP
|
|
||||||
@@ -51,7 +51,7 @@ is used.
|
|
||||||
\fB\-f\fP \fIfile\fP
|
|
||||||
specifies the filename where the dumped principal database file is to be
|
|
||||||
found; by default the dumped database file is KPROP_DEFAULT_FILE
|
|
||||||
-(normally /usr/local/var/krb5kdc/slave_datatrans).
|
|
||||||
+(normally @manlocalstatedir@/krb5kdc/slave_datatrans).
|
|
||||||
.TP
|
|
||||||
\fB\-P\fP \fIport\fP
|
|
||||||
specifies the port to use to contact the
|
|
||||||
|
@ -1,2 +0,0 @@
|
|||||||
addFilter("files-duplicate .*css")
|
|
||||||
addFilter("files-duplicate .*img.*png")
|
|
196
krb5-doc.changes
196
krb5-doc.changes
@ -1,196 +0,0 @@
|
|||||||
-------------------------------------------------------------------
|
|
||||||
Mon Sep 3 14:34:35 UTC 2012 - idonmez@suse.com
|
|
||||||
|
|
||||||
- Build depend on texinfo & texlive-dvips to fix the build
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jun 6 17:34:26 CEST 2012 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.10.2
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Aug 22 10:21:56 CEST 2011 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.9.1
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Apr 9 12:45:30 CEST 2010 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.8.1
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Mar 23 12:38:29 CET 2010 - mc@suse.de
|
|
||||||
|
|
||||||
- add post 1.8 fixes
|
|
||||||
* Document the ticket_lifetime libdefaults setting
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Mar 4 11:45:22 CET 2010 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.8
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de
|
|
||||||
|
|
||||||
- update to final version 1.7
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed May 13 11:34:07 CEST 2009 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.7 Beta2
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Feb 16 13:08:05 CET 2009 - mc@suse.de
|
|
||||||
|
|
||||||
- update to pre 1.7 version
|
|
||||||
* remove outdated documentation for kadm5 API
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Jul 25 12:17:10 CEST 2008 - mc@suse.de
|
|
||||||
|
|
||||||
- add patches from SVN post 1.6.3
|
|
||||||
* some fixes in the man pages
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jun 18 15:34:16 CEST 2008 - mc@suse.de
|
|
||||||
|
|
||||||
- reduce rpmlint warnings
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Oct 23 10:29:23 CEST 2007 - mc@suse.de
|
|
||||||
|
|
||||||
- update to krb5 version 1.6.3
|
|
||||||
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow
|
|
||||||
* fix CVE-2007-4000 modify_policy vulnerability
|
|
||||||
* Add PKINIT support
|
|
||||||
- remove patches which are upstream now
|
|
||||||
- enhance init scripts and xinetd profiles
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Jul 12 17:02:30 CEST 2007 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.6.2
|
|
||||||
- remove krb5-1.6.1-post.dif all fixes are included in this release
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jun 13 15:29:42 CEST 2007 - sschober@suse.de
|
|
||||||
|
|
||||||
- removed executable permission from doc file
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Apr 23 11:15:59 CEST 2007 - mc@suse.de
|
|
||||||
|
|
||||||
- update to final 1.6.1 version
|
|
||||||
- replace te_ams with texlive in BuildRequires
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Apr 18 14:47:49 CEST 2007 - mc@suse.de
|
|
||||||
|
|
||||||
- build implementor.ps
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Apr 16 14:39:40 CEST 2007 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.6.1 Beta1
|
|
||||||
- remove obsolete patches
|
|
||||||
(krb5-1.6-post.dif, krb5-1.6-patchlevel.dif)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Feb 19 14:00:49 CET 2007 - mc@suse.de
|
|
||||||
|
|
||||||
- add krb5-1.6-post.dif
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Jan 22 12:21:20 CET 2007 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.6
|
|
||||||
* Major changes in 1.6 include
|
|
||||||
* Partial client implementation to handle server name referrals.
|
|
||||||
* Pre-authentication plug-in framework, donated by Red Hat.
|
|
||||||
* LDAP KDB plug-in, donated by Novell.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Aug 24 12:53:25 CEST 2006 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.5.1
|
|
||||||
- remove obsolete patches which are now included upstream
|
|
||||||
* krb5-1.4.3-MITKRB5-SA-2006-001-setuid-return-checks.dif
|
|
||||||
* trunk-fix-uninitialized-vars.dif
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Jul 3 15:01:57 CEST 2006 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.5
|
|
||||||
* KDB abstraction layer, donated by Novell.
|
|
||||||
* plug-in architecture, allowing for extension modules to be
|
|
||||||
loaded at run-time.
|
|
||||||
* multi-mechanism GSS-API implementation ("mechglue"),
|
|
||||||
donated by Sun Microsystems
|
|
||||||
* Simple and Protected GSS-API negotiation mechanism ("SPNEGO")
|
|
||||||
implementation, donated by Sun Microsystems
|
|
||||||
- remove obsolete patches and add some new
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Mar 13 18:01:06 CET 2006 - mc@suse.de
|
|
||||||
|
|
||||||
- set BuildArchitectures to noarch
|
|
||||||
- set norootforbuild
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Jan 25 21:30:24 CET 2006 - mls@suse.de
|
|
||||||
|
|
||||||
- converted neededforbuild to BuildRequires
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Nov 18 12:15:07 CET 2005 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.4.3
|
|
||||||
- fix tex for kadm5 documentation (krb5-1.4.3-kadm5-tex.dif)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Wed Oct 12 16:19:08 CEST 2005 - mc@suse.de
|
|
||||||
|
|
||||||
- build kadm5 documentation
|
|
||||||
- build documentation also as html
|
|
||||||
- include the text only documentation
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Oct 11 17:40:26 CEST 2005 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.4.2
|
|
||||||
- remove some obsolet patches
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Jun 27 13:36:04 CEST 2005 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.4.1
|
|
||||||
- remove obsolet patches
|
|
||||||
- krb5-1.4-VUL-0-telnet.dif
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Thu Feb 10 02:38:39 CET 2005 - ro@suse.de
|
|
||||||
|
|
||||||
- added libpng to neededforbuild (for tetex)
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Feb 4 16:50:34 CET 2005 - mc@suse.de
|
|
||||||
|
|
||||||
- remove spx.c from tarball because of legal risk
|
|
||||||
- add README.Source which tell the user about this
|
|
||||||
action.
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Fri Jan 28 13:28:18 CET 2005 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.4
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Mon Jan 10 12:20:11 CET 2005 - mc@suse.de
|
|
||||||
|
|
||||||
- update to version 1.3.6
|
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
|
||||||
Tue Dec 14 15:21:02 CET 2004 - mc@suse.de
|
|
||||||
|
|
||||||
- initial release
|
|
||||||
|
|
@ -1,91 +0,0 @@
|
|||||||
#
|
|
||||||
# spec file for package krb5-doc
|
|
||||||
#
|
|
||||||
# Copyright (c) 2013 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
|
||||||
#
|
|
||||||
# All modifications and additions to the file contributed by third parties
|
|
||||||
# remain the property of their copyright owners, unless otherwise agreed
|
|
||||||
# upon. The license for this file, and modifications and additions to the
|
|
||||||
# file, is the same license as for the pristine package itself (unless the
|
|
||||||
# license for the pristine package is not an Open Source License, in which
|
|
||||||
# case the license is the MIT License). An "Open Source License" is a
|
|
||||||
# license that conforms to the Open Source Definition (Version 1.9)
|
|
||||||
# published by the Open Source Initiative.
|
|
||||||
|
|
||||||
# Please submit bugfixes or comments via http://bugs.opensuse.org/
|
|
||||||
#
|
|
||||||
|
|
||||||
|
|
||||||
Name: krb5-doc
|
|
||||||
BuildRequires: ghostscript-library
|
|
||||||
BuildRequires: texinfo
|
|
||||||
BuildRequires: texlive-dvips
|
|
||||||
Version: 1.10.2
|
|
||||||
Release: 0
|
|
||||||
%define srcRoot krb5-1.10.2
|
|
||||||
Summary: MIT Kerberos5 Implementation--Documentation
|
|
||||||
License: MIT
|
|
||||||
Group: Documentation/Other
|
|
||||||
Url: http://web.mit.edu/kerberos/www/
|
|
||||||
Source: krb5-%{version}.tar.bz2
|
|
||||||
Source3: %{name}-rpmlintrc
|
|
||||||
Patch0: krb5-1.3.5-perlfix.dif
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
|
||||||
BuildArch: noarch
|
|
||||||
|
|
||||||
%description
|
|
||||||
Kerberos V5 is a trusted-third-party network authentication
|
|
||||||
system,which can improve your network's security by eliminating the
|
|
||||||
insecurepractice of clear text passwords. This package includes
|
|
||||||
extended documentation for MIT Kerberos.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
Authors:
|
|
||||||
--------
|
|
||||||
The MIT Kerberos Team
|
|
||||||
Sam Hartman <hartmans@mit.edu>
|
|
||||||
Ken Raeburn <raeburn@mit.edu>
|
|
||||||
Tom Yu <tlyu@mit.edu>
|
|
||||||
|
|
||||||
%prep
|
|
||||||
%setup -n %{srcRoot}
|
|
||||||
%patch0
|
|
||||||
|
|
||||||
%build
|
|
||||||
sed -i -e '1s!\[twoside\]!!;s!%\(\\usepackage{hyperref}\)!\1!' doc/api/library.tex
|
|
||||||
sed -i -e '1c\
|
|
||||||
\\documentclass{article}\
|
|
||||||
\\usepackage{fixunder}\
|
|
||||||
\\usepackage{functions}\
|
|
||||||
\\usepackage{fancyheadings}\
|
|
||||||
\\usepackage{hyperref}' doc/implement/implement.tex
|
|
||||||
|
|
||||||
%install
|
|
||||||
cd doc
|
|
||||||
mkdir -p html
|
|
||||||
make
|
|
||||||
make implementor.ps
|
|
||||||
make -C api
|
|
||||||
make -C implement
|
|
||||||
mv *.html html/
|
|
||||||
cd ..
|
|
||||||
find . -type f -name '*.ps' -exec gzip -9 {} \;
|
|
||||||
chmod 644 doc/man2ps
|
|
||||||
chmod 644 doc/krb5-protocol/draft-jaganathan-rc4-hmac-03.txt
|
|
||||||
# cleanup
|
|
||||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
|
||||||
rm -f /usr/share/man/man1/tmac.doc*
|
|
||||||
rm -rf /usr/lib/mit/share
|
|
||||||
rm -rf %{buildroot}/usr/lib/mit/share
|
|
||||||
|
|
||||||
%clean
|
|
||||||
rm -rf %{buildroot}
|
|
||||||
|
|
||||||
%files
|
|
||||||
%defattr(-,root,root)
|
|
||||||
%doc doc/*.ps.gz doc/api/*.ps.gz doc/implement/*.ps.gz
|
|
||||||
%doc doc/krb5-protocol doc/kadmin
|
|
||||||
%doc doc/html
|
|
||||||
|
|
||||||
%changelog
|
|
53
krb5-kvno-230379.patch
Normal file
53
krb5-kvno-230379.patch
Normal file
@ -0,0 +1,53 @@
|
|||||||
|
From patch attached to http://krbdev.mit.edu/rt/Ticket/Display.html?id=3349,
|
||||||
|
at http://krbdev.mit.edu/rt/Ticket/Attachment/23851/13214/kvno.diff, adjusted
|
||||||
|
as needed to apply to 1.10. FIXME: I'd like to better handle cases where we
|
||||||
|
have a new key with the right version stored later in the keytab file.
|
||||||
|
Currently, we're setting up to overlook that possibility.
|
||||||
|
|
||||||
|
Note that this only affects the path taken when krb5_rd_rep() is passed a
|
||||||
|
server principal name, as without a server principal name it already tries
|
||||||
|
all of the keys it finds in the keytab, regardless of version numbers.
|
||||||
|
|
||||||
|
Index: krb5-1.11.1/src/kadmin/ktutil/ktutil.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.11.1.orig/src/kadmin/ktutil/ktutil.c
|
||||||
|
+++ krb5-1.11.1/src/kadmin/ktutil/ktutil.c
|
||||||
|
@@ -140,7 +140,7 @@ void ktutil_add_entry(argc, argv)
|
||||||
|
char *princ = NULL;
|
||||||
|
char *enctype = NULL;
|
||||||
|
krb5_kvno kvno = 0;
|
||||||
|
- int use_pass = 0, use_key = 0, i;
|
||||||
|
+ int use_pass = 0, use_key = 0, use_kvno = 0, i;
|
||||||
|
|
||||||
|
for (i = 1; i < argc; i++) {
|
||||||
|
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-p", 2)) {
|
||||||
|
@@ -149,6 +149,7 @@ void ktutil_add_entry(argc, argv)
|
||||||
|
}
|
||||||
|
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-k", 2)) {
|
||||||
|
kvno = (krb5_kvno) atoi(argv[++i]);
|
||||||
|
+ use_kvno++;
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if ((strlen(argv[i]) == 2) && !strncmp(argv[i], "-e", 2)) {
|
||||||
|
@@ -165,7 +166,7 @@ void ktutil_add_entry(argc, argv)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
- if (argc != 8 || !(princ && kvno && enctype) || (use_pass+use_key != 1)) {
|
||||||
|
+ if (argc != 8 || !(princ && use_kvno && enctype) || (use_pass+use_key != 1)) {
|
||||||
|
fprintf(stderr, _("usage: %s (-key | -password) -p principal "
|
||||||
|
"-k kvno -e enctype\n"), argv[0]);
|
||||||
|
return;
|
||||||
|
Index: krb5-1.11.1/src/lib/krb5/keytab/kt_file.c
|
||||||
|
===================================================================
|
||||||
|
--- krb5-1.11.1.orig/src/lib/krb5/keytab/kt_file.c
|
||||||
|
+++ krb5-1.11.1/src/lib/krb5/keytab/kt_file.c
|
||||||
|
@@ -376,7 +376,7 @@ krb5_ktfile_get_entry(krb5_context conte
|
||||||
|
higher than that. Short-term workaround: only compare
|
||||||
|
the low 8 bits. */
|
||||||
|
|
||||||
|
- if (new_entry.vno == (kvno & 0xff)) {
|
||||||
|
+ if (new_entry.vno == (kvno & 0xff) || new_entry.vno == IGNORE_VNO) {
|
||||||
|
krb5_kt_free_entry(context, &cur_entry);
|
||||||
|
cur_entry = new_entry;
|
||||||
|
break;
|
42
krb5-lookup_etypes-leak.patch
Normal file
42
krb5-lookup_etypes-leak.patch
Normal file
@ -0,0 +1,42 @@
|
|||||||
|
Petr Spacek notes that when we walk the keytab in lookup_etypes_for_keytab(),
|
||||||
|
we don't free entries when we're finished examining them. Ensure that when
|
||||||
|
krb5_kt_next_entry() succeeds, we make sure to free the entry storage before we
|
||||||
|
exit the current loop iteration. (RT#7586)
|
||||||
|
|
||||||
|
--- a/src/lib/krb5/krb/gic_keytab.c
|
||||||
|
+++ b/src/lib/krb5/krb/gic_keytab.c
|
||||||
|
@@ -110,9 +110,9 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
|
||||||
|
goto cleanup;
|
||||||
|
|
||||||
|
if (!krb5_c_valid_enctype(entry.key.enctype))
|
||||||
|
- continue;
|
||||||
|
+ goto next_entry;
|
||||||
|
if (!krb5_principal_compare(context, entry.principal, client))
|
||||||
|
- continue;
|
||||||
|
+ goto next_entry;
|
||||||
|
/* Make sure our list is for the highest kvno found for client. */
|
||||||
|
if (entry.vno > max_kvno) {
|
||||||
|
free(etypes);
|
||||||
|
@@ -120,11 +120,12 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
|
||||||
|
count = 0;
|
||||||
|
max_kvno = entry.vno;
|
||||||
|
} else if (entry.vno != max_kvno)
|
||||||
|
- continue;
|
||||||
|
+ goto next_entry;
|
||||||
|
|
||||||
|
/* Leave room for the terminator and possibly a second entry. */
|
||||||
|
p = realloc(etypes, (count + 3) * sizeof(*etypes));
|
||||||
|
if (p == NULL) {
|
||||||
|
+ krb5_free_keytab_entry_contents(context, &entry);
|
||||||
|
ret = ENOMEM;
|
||||||
|
goto cleanup;
|
||||||
|
}
|
||||||
|
@@ -136,6 +137,8 @@ lookup_etypes_for_keytab(krb5_context context, krb5_keytab keytab,
|
||||||
|
entry.key.enctype == ENCTYPE_DES_CBC_MD4)
|
||||||
|
etypes[count++] = ENCTYPE_DES_CBC_CRC;
|
||||||
|
etypes[count] = 0;
|
||||||
|
+next_entry:
|
||||||
|
+ krb5_free_keytab_entry_contents(context, &entry);
|
||||||
|
}
|
||||||
|
|
||||||
|
ret = 0;
|
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 15 11:14:21 CET 2013 - mc@suse.de
|
||||||
|
|
||||||
|
- update to version 1.11.1
|
||||||
|
* Improve ASN.1 support code, making it table-driven for
|
||||||
|
decoding as well as encoding
|
||||||
|
* Refactor parts of KDC
|
||||||
|
* Documentation consolidation
|
||||||
|
* build docs in the main package
|
||||||
|
* bugfixing
|
||||||
|
- obsolets a lot of patches
|
||||||
|
- refactor some patches
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 6 12:01:32 CET 2013 - mc@suse.de
|
Wed Mar 6 12:01:32 CET 2013 - mc@suse.de
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
%define build_mini 1
|
%define build_mini 1
|
||||||
%define srcRoot krb5-1.10.2
|
%define srcRoot krb5-1.11.1
|
||||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||||
%define krb5docdir %{_defaultdocdir}/krb5
|
%define krb5docdir %{_defaultdocdir}/krb5
|
||||||
|
|
||||||
@ -25,12 +25,13 @@ Name: krb5-mini
|
|||||||
Url: http://web.mit.edu/kerberos/www/
|
Url: http://web.mit.edu/kerberos/www/
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
|
BuildRequires: doxygen
|
||||||
BuildRequires: keyutils
|
BuildRequires: keyutils
|
||||||
BuildRequires: keyutils-devel
|
BuildRequires: keyutils-devel
|
||||||
BuildRequires: libcom_err-devel
|
BuildRequires: libcom_err-devel
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: ncurses-devel
|
BuildRequires: ncurses-devel
|
||||||
Version: 1.10.2
|
Version: 1.11.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: MIT Kerberos5 Implementation--Libraries
|
Summary: MIT Kerberos5 Implementation--Libraries
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -39,6 +40,10 @@ Group: Productivity/Networking/Security
|
|||||||
BuildRequires: libopenssl-devel
|
BuildRequires: libopenssl-devel
|
||||||
BuildRequires: openldap2-devel
|
BuildRequires: openldap2-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
|
BuildRequires: python-Cheetah
|
||||||
|
BuildRequires: python-Sphinx
|
||||||
|
BuildRequires: python-libxml2
|
||||||
|
BuildRequires: python-lxml
|
||||||
%if 0%{?suse_version} >= 1210
|
%if 0%{?suse_version} >= 1210
|
||||||
BuildRequires: pkgconfig(systemd)
|
BuildRequires: pkgconfig(systemd)
|
||||||
%endif
|
%endif
|
||||||
@ -52,22 +57,21 @@ Source: krb5-%{version}.tar.bz2
|
|||||||
Source1: vendor-files.tar.bz2
|
Source1: vendor-files.tar.bz2
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Source5: krb5-rpmlintrc
|
Source5: krb5-rpmlintrc
|
||||||
Source10: krb5-1.8-manpaths.txt
|
Patch1: krb5-1.11-pam.patch
|
||||||
Patch1: krb5-1.10-buildconf.patch
|
Patch2: krb5-1.9-manpaths.dif
|
||||||
Patch3: krb5-1.9-manpaths.dif
|
Patch3: krb5-1.10-buildconf.patch
|
||||||
Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif
|
Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||||
Patch6: krb5-1.10-kpasswd_tcp.patch
|
Patch5: krb5-1.10-kpasswd_tcp.patch
|
||||||
Patch7: krb5-1.6.3-ktutil-manpage.dif
|
Patch6: krb5-1.6.3-ktutil-manpage.dif
|
||||||
Patch10: krb5-1.7-doublelog.patch
|
Patch7: krb5-1.7-doublelog.patch
|
||||||
Patch12: krb5-1.8-api.patch
|
Patch8: krb5-1.8-api.patch
|
||||||
Patch13: krb5-1.8-pam.patch
|
Patch9: krb5-1.9-kprop-mktemp.patch
|
||||||
Patch18: krb5-1.9-kprop-mktemp.patch
|
Patch10: krb5-1.10-ksu-access.patch
|
||||||
Patch19: krb5-1.9-ksu-path.patch
|
Patch11: krb5-1.9-ksu-path.patch
|
||||||
Patch20: krb5-1.10-gcc47.patch
|
Patch12: krb5-1.11-selinux-label.patch
|
||||||
Patch21: krb5-1.10-selinux-label.patch
|
Patch13: krb5-1.9-debuginfo.patch
|
||||||
Patch22: krb5-1.10-spin-loop.patch
|
Patch14: krb5-kvno-230379.patch
|
||||||
Patch23: bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
|
Patch15: krb5-lookup_etypes-leak.patch
|
||||||
Patch24: bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
PreReq: mktemp, grep, /bin/touch, coreutils
|
PreReq: mktemp, grep, /bin/touch, coreutils
|
||||||
PreReq: %insserv_prereq %fillup_prereq
|
PreReq: %insserv_prereq %fillup_prereq
|
||||||
@ -124,6 +128,16 @@ Kerberos V5 is a trusted-third-party network authentication system,
|
|||||||
which can improve your network's security by eliminating the insecure
|
which can improve your network's security by eliminating the insecure
|
||||||
practice of cleartext passwords. This package includes a PKINIT plugin.
|
practice of cleartext passwords. This package includes a PKINIT plugin.
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: MIT Kerberos5 Implementation--Documentation
|
||||||
|
Group: Documentation/Other
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
Kerberos V5 is a trusted-third-party network authentication
|
||||||
|
system,which can improve your network's security by eliminating the
|
||||||
|
insecurepractice of clear text passwords. This package includes
|
||||||
|
extended documentation for MIT Kerberos.
|
||||||
|
|
||||||
%endif #! build_mini
|
%endif #! build_mini
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
@ -150,27 +164,21 @@ Include Files for Development
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %{srcRoot}
|
%setup -q -n %{srcRoot}
|
||||||
%setup -a 1 -T -D -n %{srcRoot}
|
%setup -a 1 -T -D -n %{srcRoot}
|
||||||
%patch13 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
%patch21 -p1
|
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
%patch18 -p1
|
%patch13 -p0
|
||||||
%patch19 -p1
|
%patch14 -p1
|
||||||
%patch20
|
%patch15 -p1
|
||||||
%patch22 -p1
|
|
||||||
%patch23 -p1
|
|
||||||
%patch24 -p1
|
|
||||||
# Rename the man pages so that they'll get generated correctly.
|
|
||||||
pushd src
|
|
||||||
cat %{SOURCE10} | while read manpage ; do
|
|
||||||
mv "$manpage" "$manpage".in
|
|
||||||
done
|
|
||||||
popd
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# needs to be re-generated
|
# needs to be re-generated
|
||||||
@ -196,7 +204,6 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
|||||||
--with-ldap \
|
--with-ldap \
|
||||||
--with-pam \
|
--with-pam \
|
||||||
--enable-pkinit \
|
--enable-pkinit \
|
||||||
--with-selinux \
|
|
||||||
%else
|
%else
|
||||||
--disable-pkinit \
|
--disable-pkinit \
|
||||||
--without-pam \
|
--without-pam \
|
||||||
@ -204,6 +211,12 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
|||||||
--with-system-et \
|
--with-system-et \
|
||||||
--with-system-ss
|
--with-system-ss
|
||||||
make %{?jobs:-j%jobs}
|
make %{?jobs:-j%jobs}
|
||||||
|
%if ! 0%{?build_mini}
|
||||||
|
cd doc
|
||||||
|
make %{?jobs:-j%jobs} substhtml
|
||||||
|
cp -a html_subst ../../html
|
||||||
|
cd ..
|
||||||
|
%endif
|
||||||
|
|
||||||
%install
|
%install
|
||||||
cd src
|
cd src
|
||||||
@ -279,8 +292,10 @@ install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos
|
|||||||
# cleanup
|
# cleanup
|
||||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||||
rm -f /usr/share/man/man1/tmac.doc*
|
rm -f /usr/share/man/man1/tmac.doc*
|
||||||
|
#rm -rf /usr/lib/mit/share
|
||||||
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
||||||
rm -rf %{buildroot}/usr/lib/mit/share/locale
|
rm -rf %{buildroot}/usr/lib/mit/share/locale
|
||||||
|
|
||||||
#####################################################
|
#####################################################
|
||||||
# krb5(-mini) pre/post/postun
|
# krb5(-mini) pre/post/postun
|
||||||
#####################################################
|
#####################################################
|
||||||
@ -356,13 +371,11 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_libdir}/libkrb5.so
|
%{_libdir}/libkrb5.so
|
||||||
%{_libdir}/libkrb5support.so
|
%{_libdir}/libkrb5support.so
|
||||||
%{_libdir}/libverto.so
|
%{_libdir}/libverto.so
|
||||||
%{_libdir}/libverto-k5ev.so
|
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
/usr/lib/mit/bin/krb5-config
|
/usr/lib/mit/bin/krb5-config
|
||||||
/usr/lib/mit/sbin/krb5-send-pr
|
/usr/lib/mit/sbin/krb5-send-pr
|
||||||
/usr/lib/mit/share/gnats
|
/usr/lib/mit/share/gnats
|
||||||
%{_mandir}/man1/krb5-send-pr.1*
|
%{_mandir}/man1/krb5-send-pr.1*
|
||||||
%{_mandir}/man1/krb5-config.1*
|
|
||||||
%{_datadir}/aclocal/ac_check_krb5.m4
|
%{_datadir}/aclocal/ac_check_krb5.m4
|
||||||
|
|
||||||
%if %{build_mini}
|
%if %{build_mini}
|
||||||
@ -401,7 +414,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_libdir}/libkrb5.so.*
|
%{_libdir}/libkrb5.so.*
|
||||||
%{_libdir}/libkrb5support.so.*
|
%{_libdir}/libkrb5support.so.*
|
||||||
%{_libdir}/libverto.so.*
|
%{_libdir}/libverto.so.*
|
||||||
%{_libdir}/libverto-k5ev.so.*
|
|
||||||
%{_libdir}/krb5/plugins/kdb/*
|
%{_libdir}/krb5/plugins/kdb/*
|
||||||
#/usr/lib/mit/sbin/*
|
#/usr/lib/mit/sbin/*
|
||||||
/usr/lib/mit/sbin/kadmin.local
|
/usr/lib/mit/sbin/kadmin.local
|
||||||
@ -438,7 +450,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_mandir}/man1/kdestroy.1*
|
%{_mandir}/man1/kdestroy.1*
|
||||||
%{_mandir}/man1/kpasswd.1*
|
%{_mandir}/man1/kpasswd.1*
|
||||||
%{_mandir}/man1/klist.1*
|
%{_mandir}/man1/klist.1*
|
||||||
%{_mandir}/man1/kerberos.1*
|
|
||||||
%{_mandir}/man1/ksu.1*
|
%{_mandir}/man1/ksu.1*
|
||||||
%{_mandir}/man1/sclient.1*
|
%{_mandir}/man1/sclient.1*
|
||||||
%{_mandir}/man1/kadmin.1*
|
%{_mandir}/man1/kadmin.1*
|
||||||
@ -474,7 +485,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_libdir}/libkrb5.so.*
|
%{_libdir}/libkrb5.so.*
|
||||||
%{_libdir}/libkrb5support.so.*
|
%{_libdir}/libkrb5support.so.*
|
||||||
%{_libdir}/libverto.so.*
|
%{_libdir}/libverto.so.*
|
||||||
%{_libdir}/libverto-k5ev.so.*
|
|
||||||
|
|
||||||
%files server
|
%files server
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -514,6 +524,7 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
/usr/lib/mit/sbin/uuserver
|
/usr/lib/mit/sbin/uuserver
|
||||||
%{_libdir}/krb5/plugins/kdb/db2.so
|
%{_libdir}/krb5/plugins/kdb/db2.so
|
||||||
%{_mandir}/man5/kdc.conf.5*
|
%{_mandir}/man5/kdc.conf.5*
|
||||||
|
%{_mandir}/man5/kadm5.acl.5*
|
||||||
%{_mandir}/man8/kadmind.8*
|
%{_mandir}/man8/kadmind.8*
|
||||||
%{_mandir}/man8/kadmin.local.8*
|
%{_mandir}/man8/kadmin.local.8*
|
||||||
%{_mandir}/man8/kpropd.8*
|
%{_mandir}/man8/kpropd.8*
|
||||||
@ -549,7 +560,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_mandir}/man1/kdestroy.1*
|
%{_mandir}/man1/kdestroy.1*
|
||||||
%{_mandir}/man1/kpasswd.1*
|
%{_mandir}/man1/kpasswd.1*
|
||||||
%{_mandir}/man1/klist.1*
|
%{_mandir}/man1/klist.1*
|
||||||
%{_mandir}/man1/kerberos.1*
|
|
||||||
%{_mandir}/man1/kadmin.1*
|
%{_mandir}/man1/kadmin.1*
|
||||||
%{_mandir}/man1/ktutil.1*
|
%{_mandir}/man1/ktutil.1*
|
||||||
%{_mandir}/man1/k5srvutil.1*
|
%{_mandir}/man1/k5srvutil.1*
|
||||||
@ -582,6 +592,11 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%dir %{_libdir}/krb5/plugins
|
%dir %{_libdir}/krb5/plugins
|
||||||
%dir %{_libdir}/krb5/plugins/preauth
|
%dir %{_libdir}/krb5/plugins/preauth
|
||||||
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
||||||
|
|
||||||
|
%files doc
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc html doc/CHANGES doc/README
|
||||||
|
|
||||||
%endif #build_mini
|
%endif #build_mini
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
13
krb5.changes
13
krb5.changes
@ -1,3 +1,16 @@
|
|||||||
|
-------------------------------------------------------------------
|
||||||
|
Fri Mar 15 11:14:21 CET 2013 - mc@suse.de
|
||||||
|
|
||||||
|
- update to version 1.11.1
|
||||||
|
* Improve ASN.1 support code, making it table-driven for
|
||||||
|
decoding as well as encoding
|
||||||
|
* Refactor parts of KDC
|
||||||
|
* Documentation consolidation
|
||||||
|
* build docs in the main package
|
||||||
|
* bugfixing
|
||||||
|
- obsolets a lot of patches
|
||||||
|
- refactor some patches
|
||||||
|
|
||||||
-------------------------------------------------------------------
|
-------------------------------------------------------------------
|
||||||
Wed Mar 6 12:01:32 CET 2013 - mc@suse.de
|
Wed Mar 6 12:01:32 CET 2013 - mc@suse.de
|
||||||
|
|
||||||
|
95
krb5.spec
95
krb5.spec
@ -17,7 +17,7 @@
|
|||||||
|
|
||||||
|
|
||||||
%define build_mini 0
|
%define build_mini 0
|
||||||
%define srcRoot krb5-1.10.2
|
%define srcRoot krb5-1.11.1
|
||||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||||
%define krb5docdir %{_defaultdocdir}/krb5
|
%define krb5docdir %{_defaultdocdir}/krb5
|
||||||
|
|
||||||
@ -25,12 +25,13 @@ Name: krb5
|
|||||||
Url: http://web.mit.edu/kerberos/www/
|
Url: http://web.mit.edu/kerberos/www/
|
||||||
BuildRequires: autoconf
|
BuildRequires: autoconf
|
||||||
BuildRequires: bison
|
BuildRequires: bison
|
||||||
|
BuildRequires: doxygen
|
||||||
BuildRequires: keyutils
|
BuildRequires: keyutils
|
||||||
BuildRequires: keyutils-devel
|
BuildRequires: keyutils-devel
|
||||||
BuildRequires: libcom_err-devel
|
BuildRequires: libcom_err-devel
|
||||||
BuildRequires: libselinux-devel
|
BuildRequires: libselinux-devel
|
||||||
BuildRequires: ncurses-devel
|
BuildRequires: ncurses-devel
|
||||||
Version: 1.10.2
|
Version: 1.11.1
|
||||||
Release: 0
|
Release: 0
|
||||||
Summary: MIT Kerberos5 Implementation--Libraries
|
Summary: MIT Kerberos5 Implementation--Libraries
|
||||||
License: MIT
|
License: MIT
|
||||||
@ -39,6 +40,10 @@ Group: Productivity/Networking/Security
|
|||||||
BuildRequires: libopenssl-devel
|
BuildRequires: libopenssl-devel
|
||||||
BuildRequires: openldap2-devel
|
BuildRequires: openldap2-devel
|
||||||
BuildRequires: pam-devel
|
BuildRequires: pam-devel
|
||||||
|
BuildRequires: python-Cheetah
|
||||||
|
BuildRequires: python-Sphinx
|
||||||
|
BuildRequires: python-libxml2
|
||||||
|
BuildRequires: python-lxml
|
||||||
%if 0%{?suse_version} >= 1210
|
%if 0%{?suse_version} >= 1210
|
||||||
BuildRequires: pkgconfig(systemd)
|
BuildRequires: pkgconfig(systemd)
|
||||||
%endif
|
%endif
|
||||||
@ -52,22 +57,21 @@ Source: krb5-%{version}.tar.bz2
|
|||||||
Source1: vendor-files.tar.bz2
|
Source1: vendor-files.tar.bz2
|
||||||
Source2: baselibs.conf
|
Source2: baselibs.conf
|
||||||
Source5: krb5-rpmlintrc
|
Source5: krb5-rpmlintrc
|
||||||
Source10: krb5-1.8-manpaths.txt
|
Patch1: krb5-1.11-pam.patch
|
||||||
Patch1: krb5-1.10-buildconf.patch
|
Patch2: krb5-1.9-manpaths.dif
|
||||||
Patch3: krb5-1.9-manpaths.dif
|
Patch3: krb5-1.10-buildconf.patch
|
||||||
Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif
|
Patch4: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||||
Patch6: krb5-1.10-kpasswd_tcp.patch
|
Patch5: krb5-1.10-kpasswd_tcp.patch
|
||||||
Patch7: krb5-1.6.3-ktutil-manpage.dif
|
Patch6: krb5-1.6.3-ktutil-manpage.dif
|
||||||
Patch10: krb5-1.7-doublelog.patch
|
Patch7: krb5-1.7-doublelog.patch
|
||||||
Patch12: krb5-1.8-api.patch
|
Patch8: krb5-1.8-api.patch
|
||||||
Patch13: krb5-1.8-pam.patch
|
Patch9: krb5-1.9-kprop-mktemp.patch
|
||||||
Patch18: krb5-1.9-kprop-mktemp.patch
|
Patch10: krb5-1.10-ksu-access.patch
|
||||||
Patch19: krb5-1.9-ksu-path.patch
|
Patch11: krb5-1.9-ksu-path.patch
|
||||||
Patch20: krb5-1.10-gcc47.patch
|
Patch12: krb5-1.11-selinux-label.patch
|
||||||
Patch21: krb5-1.10-selinux-label.patch
|
Patch13: krb5-1.9-debuginfo.patch
|
||||||
Patch22: krb5-1.10-spin-loop.patch
|
Patch14: krb5-kvno-230379.patch
|
||||||
Patch23: bug-806715-CVE-2013-1415-fix-PKINIT-null-pointer-deref.dif
|
Patch15: krb5-lookup_etypes-leak.patch
|
||||||
Patch24: bug-807556-CVE-2012-1016-fix-PKINIT-null-pointer-deref2.dif
|
|
||||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||||
PreReq: mktemp, grep, /bin/touch, coreutils
|
PreReq: mktemp, grep, /bin/touch, coreutils
|
||||||
PreReq: %insserv_prereq %fillup_prereq
|
PreReq: %insserv_prereq %fillup_prereq
|
||||||
@ -124,6 +128,16 @@ Kerberos V5 is a trusted-third-party network authentication system,
|
|||||||
which can improve your network's security by eliminating the insecure
|
which can improve your network's security by eliminating the insecure
|
||||||
practice of cleartext passwords. This package includes a PKINIT plugin.
|
practice of cleartext passwords. This package includes a PKINIT plugin.
|
||||||
|
|
||||||
|
%package doc
|
||||||
|
Summary: MIT Kerberos5 Implementation--Documentation
|
||||||
|
Group: Documentation/Other
|
||||||
|
|
||||||
|
%description doc
|
||||||
|
Kerberos V5 is a trusted-third-party network authentication
|
||||||
|
system,which can improve your network's security by eliminating the
|
||||||
|
insecurepractice of clear text passwords. This package includes
|
||||||
|
extended documentation for MIT Kerberos.
|
||||||
|
|
||||||
%endif #! build_mini
|
%endif #! build_mini
|
||||||
|
|
||||||
%package devel
|
%package devel
|
||||||
@ -150,27 +164,21 @@ Include Files for Development
|
|||||||
%prep
|
%prep
|
||||||
%setup -q -n %{srcRoot}
|
%setup -q -n %{srcRoot}
|
||||||
%setup -a 1 -T -D -n %{srcRoot}
|
%setup -a 1 -T -D -n %{srcRoot}
|
||||||
%patch13 -p1
|
|
||||||
%patch3 -p1
|
|
||||||
%patch21 -p1
|
|
||||||
%patch1 -p1
|
%patch1 -p1
|
||||||
|
%patch2 -p1
|
||||||
|
%patch3 -p1
|
||||||
|
%patch4 -p1
|
||||||
%patch5 -p1
|
%patch5 -p1
|
||||||
%patch6 -p1
|
%patch6 -p1
|
||||||
%patch7 -p1
|
%patch7 -p1
|
||||||
|
%patch8 -p1
|
||||||
|
%patch9 -p1
|
||||||
%patch10 -p1
|
%patch10 -p1
|
||||||
|
%patch11 -p1
|
||||||
%patch12 -p1
|
%patch12 -p1
|
||||||
%patch18 -p1
|
%patch13 -p0
|
||||||
%patch19 -p1
|
%patch14 -p1
|
||||||
%patch20
|
%patch15 -p1
|
||||||
%patch22 -p1
|
|
||||||
%patch23 -p1
|
|
||||||
%patch24 -p1
|
|
||||||
# Rename the man pages so that they'll get generated correctly.
|
|
||||||
pushd src
|
|
||||||
cat %{SOURCE10} | while read manpage ; do
|
|
||||||
mv "$manpage" "$manpage".in
|
|
||||||
done
|
|
||||||
popd
|
|
||||||
|
|
||||||
%build
|
%build
|
||||||
# needs to be re-generated
|
# needs to be re-generated
|
||||||
@ -196,7 +204,6 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
|||||||
--with-ldap \
|
--with-ldap \
|
||||||
--with-pam \
|
--with-pam \
|
||||||
--enable-pkinit \
|
--enable-pkinit \
|
||||||
--with-selinux \
|
|
||||||
%else
|
%else
|
||||||
--disable-pkinit \
|
--disable-pkinit \
|
||||||
--without-pam \
|
--without-pam \
|
||||||
@ -204,6 +211,12 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
|
|||||||
--with-system-et \
|
--with-system-et \
|
||||||
--with-system-ss
|
--with-system-ss
|
||||||
make %{?jobs:-j%jobs}
|
make %{?jobs:-j%jobs}
|
||||||
|
%if ! 0%{?build_mini}
|
||||||
|
cd doc
|
||||||
|
make %{?jobs:-j%jobs} substhtml
|
||||||
|
cp -a html_subst ../../html
|
||||||
|
cd ..
|
||||||
|
%endif
|
||||||
|
|
||||||
%install
|
%install
|
||||||
cd src
|
cd src
|
||||||
@ -279,8 +292,10 @@ install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos
|
|||||||
# cleanup
|
# cleanup
|
||||||
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
|
||||||
rm -f /usr/share/man/man1/tmac.doc*
|
rm -f /usr/share/man/man1/tmac.doc*
|
||||||
|
#rm -rf /usr/lib/mit/share
|
||||||
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
rm -rf %{buildroot}/usr/lib/mit/share/examples
|
||||||
rm -rf %{buildroot}/usr/lib/mit/share/locale
|
rm -rf %{buildroot}/usr/lib/mit/share/locale
|
||||||
|
|
||||||
#####################################################
|
#####################################################
|
||||||
# krb5(-mini) pre/post/postun
|
# krb5(-mini) pre/post/postun
|
||||||
#####################################################
|
#####################################################
|
||||||
@ -356,13 +371,11 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_libdir}/libkrb5.so
|
%{_libdir}/libkrb5.so
|
||||||
%{_libdir}/libkrb5support.so
|
%{_libdir}/libkrb5support.so
|
||||||
%{_libdir}/libverto.so
|
%{_libdir}/libverto.so
|
||||||
%{_libdir}/libverto-k5ev.so
|
|
||||||
%{_includedir}/*
|
%{_includedir}/*
|
||||||
/usr/lib/mit/bin/krb5-config
|
/usr/lib/mit/bin/krb5-config
|
||||||
/usr/lib/mit/sbin/krb5-send-pr
|
/usr/lib/mit/sbin/krb5-send-pr
|
||||||
/usr/lib/mit/share/gnats
|
/usr/lib/mit/share/gnats
|
||||||
%{_mandir}/man1/krb5-send-pr.1*
|
%{_mandir}/man1/krb5-send-pr.1*
|
||||||
%{_mandir}/man1/krb5-config.1*
|
|
||||||
%{_datadir}/aclocal/ac_check_krb5.m4
|
%{_datadir}/aclocal/ac_check_krb5.m4
|
||||||
|
|
||||||
%if %{build_mini}
|
%if %{build_mini}
|
||||||
@ -401,7 +414,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_libdir}/libkrb5.so.*
|
%{_libdir}/libkrb5.so.*
|
||||||
%{_libdir}/libkrb5support.so.*
|
%{_libdir}/libkrb5support.so.*
|
||||||
%{_libdir}/libverto.so.*
|
%{_libdir}/libverto.so.*
|
||||||
%{_libdir}/libverto-k5ev.so.*
|
|
||||||
%{_libdir}/krb5/plugins/kdb/*
|
%{_libdir}/krb5/plugins/kdb/*
|
||||||
#/usr/lib/mit/sbin/*
|
#/usr/lib/mit/sbin/*
|
||||||
/usr/lib/mit/sbin/kadmin.local
|
/usr/lib/mit/sbin/kadmin.local
|
||||||
@ -438,7 +450,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_mandir}/man1/kdestroy.1*
|
%{_mandir}/man1/kdestroy.1*
|
||||||
%{_mandir}/man1/kpasswd.1*
|
%{_mandir}/man1/kpasswd.1*
|
||||||
%{_mandir}/man1/klist.1*
|
%{_mandir}/man1/klist.1*
|
||||||
%{_mandir}/man1/kerberos.1*
|
|
||||||
%{_mandir}/man1/ksu.1*
|
%{_mandir}/man1/ksu.1*
|
||||||
%{_mandir}/man1/sclient.1*
|
%{_mandir}/man1/sclient.1*
|
||||||
%{_mandir}/man1/kadmin.1*
|
%{_mandir}/man1/kadmin.1*
|
||||||
@ -474,7 +485,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_libdir}/libkrb5.so.*
|
%{_libdir}/libkrb5.so.*
|
||||||
%{_libdir}/libkrb5support.so.*
|
%{_libdir}/libkrb5support.so.*
|
||||||
%{_libdir}/libverto.so.*
|
%{_libdir}/libverto.so.*
|
||||||
%{_libdir}/libverto-k5ev.so.*
|
|
||||||
|
|
||||||
%files server
|
%files server
|
||||||
%defattr(-,root,root)
|
%defattr(-,root,root)
|
||||||
@ -514,6 +524,7 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
/usr/lib/mit/sbin/uuserver
|
/usr/lib/mit/sbin/uuserver
|
||||||
%{_libdir}/krb5/plugins/kdb/db2.so
|
%{_libdir}/krb5/plugins/kdb/db2.so
|
||||||
%{_mandir}/man5/kdc.conf.5*
|
%{_mandir}/man5/kdc.conf.5*
|
||||||
|
%{_mandir}/man5/kadm5.acl.5*
|
||||||
%{_mandir}/man8/kadmind.8*
|
%{_mandir}/man8/kadmind.8*
|
||||||
%{_mandir}/man8/kadmin.local.8*
|
%{_mandir}/man8/kadmin.local.8*
|
||||||
%{_mandir}/man8/kpropd.8*
|
%{_mandir}/man8/kpropd.8*
|
||||||
@ -549,7 +560,6 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%{_mandir}/man1/kdestroy.1*
|
%{_mandir}/man1/kdestroy.1*
|
||||||
%{_mandir}/man1/kpasswd.1*
|
%{_mandir}/man1/kpasswd.1*
|
||||||
%{_mandir}/man1/klist.1*
|
%{_mandir}/man1/klist.1*
|
||||||
%{_mandir}/man1/kerberos.1*
|
|
||||||
%{_mandir}/man1/kadmin.1*
|
%{_mandir}/man1/kadmin.1*
|
||||||
%{_mandir}/man1/ktutil.1*
|
%{_mandir}/man1/ktutil.1*
|
||||||
%{_mandir}/man1/k5srvutil.1*
|
%{_mandir}/man1/k5srvutil.1*
|
||||||
@ -582,6 +592,11 @@ rm -rf %{buildroot}/usr/lib/mit/share/locale
|
|||||||
%dir %{_libdir}/krb5/plugins
|
%dir %{_libdir}/krb5/plugins
|
||||||
%dir %{_libdir}/krb5/plugins/preauth
|
%dir %{_libdir}/krb5/plugins/preauth
|
||||||
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
%{_libdir}/krb5/plugins/preauth/pkinit.so
|
||||||
|
|
||||||
|
%files doc
|
||||||
|
%defattr(-,root,root)
|
||||||
|
%doc html doc/CHANGES doc/README
|
||||||
|
|
||||||
%endif #build_mini
|
%endif #build_mini
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
Loading…
Reference in New Issue
Block a user