forked from pool/krb5

Accepting request 33933 from network

checked in (request 33933)

OBS-URL: https://build.opensuse.org/request/show/33933
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=12
OBS User autobuild 2010-03-05 01:10:03 +00:00 committed by Git OBS Bridge
parent 6c03664bc8
commit 2e036bfdfd
25 changed files with 987 additions and 218 deletions

9
README.Source Normal file

@ -0,0 +1,9 @@
Because of potential legal risk we have removed the
file "src/appl/telnet/libtelnet/spx.c" from the
source tarball.
If you want to see the original sources you can download
them from
http://web.mit.edu/kerberos/www/ .


@ -1,24 +1,24 @@
If the error message is going to be ambiguous, try to give the user some clue If the error message is going to be ambiguous, try to give the user some clue
by returning the last error reported by the OS. by returning the last error reported by the OS.
Index: krb5-1.8-alpha1/src/clients/kinit/kinit.c Index: krb5-1.7/src/clients/kinit/kinit.c
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/clients/kinit/kinit.c --- krb5-1.7.orig/src/clients/kinit/kinit.c
+++ krb5-1.8-alpha1/src/clients/kinit/kinit.c +++ krb5-1.7/src/clients/kinit/kinit.c
@@ -712,8 +712,14 @@ k5_kinit(opts, k5) @@ -670,8 +670,14 @@ k5_kinit(opts, k5)
code = krb5_cc_initialize(k5->ctx, k5->cc, opts->canonicalize ? code = krb5_cc_initialize(k5->ctx, k5->cc,
my_creds.client : k5->me); opts->canonicalize ? my_creds.client : k5->me);
if (code) { if (code) {
- com_err(progname, code, "when initializing cache %s", - com_err(progname, code, "when initializing cache %s",
- opts->k5_cache_name?opts->k5_cache_name:""); - opts->k5_cache_name?opts->k5_cache_name:"");
+ if ((code == KRB5_CC_IO) && (errno != 0)) { + if ((code == KRB5_CC_IO) && (errno != 0)) {
+ com_err(progname, code, "when initializing cache %s: %s", + com_err(progname, code, "when initializing cache %s: %s",
+ opts->k5_cache_name?opts->k5_cache_name:"", + opts->k5_cache_name?opts->k5_cache_name:"",
+ strerror(errno)); + strerror(errno));
+ } else { + } else {
+ com_err(progname, code, "when initializing cache %s", + com_err(progname, code, "when initializing cache %s",
+ opts->k5_cache_name?opts->k5_cache_name:""); + opts->k5_cache_name?opts->k5_cache_name:"");
+ } + }
goto cleanup; goto cleanup;
} }
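Review bot: The new `(code == KRB5_CC_IO) && (errno != 0)` test in k5_kinit trusts whatever value errno happens to hold, but nothing in the hunk clears errno before `krb5_cc_initialize`, and library calls made after the failing system call can overwrite it. The appended `strerror(errno)` text can therefore describe an unrelated earlier failure, which is misleading when someone is diagnosing a credential-cache permission or path problem. Setting `errno = 0;` immediately before the `krb5_cc_initialize` call would at least rule out stale values; whether the ccache code preserves errno up to its return is not visible here. k5_kinit's body continues outside the hunk.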


@ -0,0 +1,13 @@
Index: src/appl/gssftp/ftp/ftp.c
===================================================================
--- src/appl/gssftp/ftp/ftp.c.orig
+++ src/appl/gssftp/ftp/ftp.c
@@ -1912,7 +1912,7 @@ int do_auth()
#ifdef GSSAPI
if (command("AUTH %s", "GSSAPI") == CONTINUE) {
- OM_uint32 maj_stat, min_stat, dummy_stat;
+ OM_uint32 maj_stat = GSS_S_FAILURE , min_stat, dummy_stat;
gss_name_t target_name;
gss_buffer_desc send_tok, recv_tok, *token_ptr;
char stbuf[FTP_BUFSIZ];


@ -0,0 +1,10 @@
--- src/appl/telnet/telnetd/utility.c
+++ src/appl/telnet/telnetd/utility.c 2006/11/06 10:34:09
@@ -127,6 +127,7 @@
}
tv.tv_sec = 1;
tv.tv_usec = 0;
+ FD_ZERO(&fds);
FD_SET(net, &fds);
while (select(net + 1, &fds, NULL, NULL, &tv) == 1)


@ -15,7 +15,7 @@ Index: src/config/shlib.conf
=================================================================== ===================================================================
--- src/config/shlib.conf.orig --- src/config/shlib.conf.orig
+++ src/config/shlib.conf +++ src/config/shlib.conf
@@ -419,7 +419,8 @@ mips-*-netbsd*) @@ -420,7 +420,8 @@ mips-*-netbsd*)
PROFFLAGS=-pg PROFFLAGS=-pg
RPATH_FLAG='-Wl,-rpath -Wl,' RPATH_FLAG='-Wl,-rpath -Wl,'
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)' PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'


@ -1,9 +1,9 @@
Index: krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c Index: trunk/src/lib/krb5/os/hostaddr.c
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/hostaddr.c --- trunk.orig/src/lib/krb5/os/hostaddr.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c +++ trunk/src/lib/krb5/os/hostaddr.c
@@ -44,7 +44,7 @@ krb5_os_hostaddr(krb5_context context, c @@ -43,7 +43,7 @@ krb5_os_hostaddr(krb5_context context, c
return KRB5_ERR_BAD_HOSTNAME; return KRB5_ERR_BAD_HOSTNAME;
memset (&hints, 0, sizeof (hints)); memset (&hints, 0, sizeof (hints));
- hints.ai_flags = AI_NUMERICHOST; - hints.ai_flags = AI_NUMERICHOST;
@ -11,11 +11,11 @@ Index: krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c
/* We don't care what kind at this point, really, but without /* We don't care what kind at this point, really, but without
this, we can get back multiple sockaddrs per address, for this, we can get back multiple sockaddrs per address, for
SOCK_DGRAM, SOCK_STREAM, and SOCK_RAW. I haven't checked if SOCK_DGRAM, SOCK_STREAM, and SOCK_RAW. I haven't checked if
Index: krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c Index: trunk/src/lib/krb5/os/hst_realm.c
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/hst_realm.c --- trunk.orig/src/lib/krb5/os/hst_realm.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c +++ trunk/src/lib/krb5/os/hst_realm.c
@@ -103,7 +103,7 @@ get_fq_hostname(char *buf, size_t bufsiz @@ -171,7 +171,7 @@ krb5int_get_fq_hostname (char *buf, size
int err; int err;
memset (&hints, 0, sizeof (hints)); memset (&hints, 0, sizeof (hints));
@ -23,12 +23,12 @@ Index: krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c
+ hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG; + hints.ai_flags = AI_CANONNAME | AI_ADDRCONFIG;
err = getaddrinfo (name, 0, &hints, &ai); err = getaddrinfo (name, 0, &hints, &ai);
if (err) if (err)
return krb5int_translate_gai_error (err); return krb5int_translate_gai_error (err);
Index: krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c Index: trunk/src/lib/krb5/os/locate_kdc.c
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/locate_kdc.c --- trunk.orig/src/lib/krb5/os/locate_kdc.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c +++ trunk/src/lib/krb5/os/locate_kdc.c
@@ -259,8 +259,9 @@ krb5int_add_host_to_list (struct addrlis @@ -254,8 +254,9 @@ krb5int_add_host_to_list (struct addrlis
memset(&hint, 0, sizeof(hint)); memset(&hint, 0, sizeof(hint));
hint.ai_family = family; hint.ai_family = family;
hint.ai_socktype = socktype; hint.ai_socktype = socktype;
@ -37,18 +37,18 @@ Index: krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c
- hint.ai_flags = AI_NUMERICSERV; - hint.ai_flags = AI_NUMERICSERV;
+ hint.ai_flags |= AI_NUMERICSERV; + hint.ai_flags |= AI_NUMERICSERV;
#endif #endif
result = snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)); if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf))
if (SNPRINTF_OVERFLOW(result, sizeof(portbuf))) /* XXX */
Index: krb5-1.8-alpha1/src/lib/krb5/os/sn2princ.c Index: trunk/src/lib/krb5/os/sn2princ.c
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/sn2princ.c --- trunk.orig/src/lib/krb5/os/sn2princ.c
+++ krb5-1.8-alpha1/src/lib/krb5/os/sn2princ.c +++ trunk/src/lib/krb5/os/sn2princ.c
@@ -108,7 +108,7 @@ krb5_sname_to_principal(krb5_context con @@ -107,7 +107,7 @@ krb5_sname_to_principal(krb5_context con
memset(&hints, 0, sizeof(hints)); memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_INET; hints.ai_family = AF_INET;
- hints.ai_flags = AI_CANONNAME; - hints.ai_flags = AI_CANONNAME;
+ hints.ai_flags = AI_CANONNAME|AI_ADDRCONFIG; + hints.ai_flags = AI_CANONNAME|AI_ADDRCONFIG;
try_getaddrinfo_again: try_getaddrinfo_again:
err = getaddrinfo(hostname, 0, &hints, &ai); err = getaddrinfo(hostname, 0, &hints, &ai);
if (err) { if (err) {
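Review bot: The patch starts directly at its first `Index:` line, with no header explaining why `AI_ADDRCONFIG` is added to the `getaddrinfo` hints, and the flag changes resolution behaviour in a way that should be documented: address families with no non-loopback address configured on the local host are filtered out of the results. In `krb5_sname_to_principal` the first attempt is pinned to `hints.ai_family = AF_INET`, so on a host without a configured IPv4 address that lookup presumably fails and canonicalization of the service hostname then depends on the `try_getaddrinfo_again` retry path, which is outside the hunk. A short description at the top of the patch would help, for example `Pass AI_ADDRCONFIG so getaddrinfo only returns address families configured on this host; lookups can fail on loopback-only hosts.` In `krb5int_add_host_to_list` the switch to `hint.ai_flags |= AI_NUMERICSERV;` relies on an earlier assignment to `hint.ai_flags` that falls in a gap between the displayed hunks.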


@ -5,30 +5,31 @@ Index: src/lib/krb5/os/changepw.c
=================================================================== ===================================================================
--- src/lib/krb5/os/changepw.c.orig --- src/lib/krb5/os/changepw.c.orig
+++ src/lib/krb5/os/changepw.c +++ src/lib/krb5/os/changepw.c
@@ -271,10 +271,22 @@ change_set_password(krb5_context context @@ -261,11 +261,22 @@ krb5_change_set_password(krb5_context co
NULL NULL,
))) { NULL
))) {
- /* -
- * Here we may want to switch to TCP on some errors. - /*
- * right? - * Here we may want to switch to TCP on some errors.
- */ - * right?
+ /* if we're not using a stream socket, and it's an error which - */
+ * might reasonably be specific to a datagram "connection", try + /* if we're not using a stream socket, and it's an error which
+ * again with a stream socket */ + * might reasonably be specific to a datagram "connection", try
+ if (!useTcp) { + * again with a stream socket */
+ switch (code) { + if (!useTcp) {
+ case KRB5_KDC_UNREACH: + switch (code) {
+ case KRB5_REALM_CANT_RESOLVE: + case KRB5_KDC_UNREACH:
+ case KRB5KRB_ERR_RESPONSE_TOO_BIG: + case KRB5_REALM_CANT_RESOLVE:
+ /* should we do this for more result codes than these? */ + case KRB5KRB_ERR_RESPONSE_TOO_BIG:
+ krb5int_free_addrlist (&al); + /* should we do this for more result codes than these? */
+ useTcp = 1; + krb5int_free_addrlist (&al);
+ continue; + useTcp = 1;
+ default: + continue;
+ break; + default:
+ } + break;
+ } + }
break; + }
} break;
}


@ -2,18 +2,18 @@ Index: src/slave/kprop.c
=================================================================== ===================================================================
--- src/slave/kprop.c.orig --- src/slave/kprop.c.orig
+++ src/slave/kprop.c +++ src/slave/kprop.c
@@ -206,6 +206,7 @@ void get_tickets(context) @@ -215,6 +215,7 @@ void get_tickets(context)
krb5_error_code retval; krb5_error_code retval;
static char tkstring[] = "/tmp/kproptktXXXXXX"; static char tkstring[] = "/tmp/kproptktXXXXXX";
krb5_keytab keytab = NULL; krb5_keytab keytab = NULL;
+ int ret = 0; + int ret = 0;
/* /*
* Figure out what tickets we'll be using to send stuff * Figure out what tickets we'll be using to send stuff
@@ -231,7 +232,15 @@ void get_tickets(context) @@ -240,7 +241,15 @@ void get_tickets(context)
/* /*
* Initialize cache file which we're going to be using * Initialize cache file which we're going to be using
*/ */
+#ifdef HAVE_MKSTEMP +#ifdef HAVE_MKSTEMP
+ ret = mkstemp(tkstring); + ret = mkstemp(tkstring);
+ if (ret == -1) { + if (ret == -1) {
@ -21,8 +21,8 @@ Index: src/slave/kprop.c
+ exit(1); + exit(1);
+ } else close(ret); + } else close(ret);
+#else +#else
(void) mktemp(tkstring); (void) mktemp(tkstring);
+#endif +#endif
snprintf(buf, sizeof(buf), "FILE:%s", tkstring); snprintf(buf, sizeof(buf), "FILE:%s", tkstring);
retval = krb5_cc_resolve(context, buf, &ccache); retval = krb5_cc_resolve(context, buf, &ccache);
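Review bot: The `#else` branch in get_tickets still calls `(void) mktemp(tkstring);`, which only picks a name under `/tmp` and leaves a window before the credential cache file is created, so builds without `HAVE_MKSTEMP` keep the temp-file race that the `mkstemp` branch closes. Failing at configure or compile time when `mkstemp` is missing would be safer than falling back silently. In addition `tkstring` is a `static` buffer that `mkstemp` rewrites in place, so a second call to get_tickets would pass a template that no longer ends in `XXXXXX` and take the `exit(1)` path; whether the function is called more than once is not visible here. Part of the `if (ret == -1)` block lies in a gap between the displayed hunks.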


@ -0,0 +1,27 @@
Index: krb5-1.7/src/kdc/do_tgs_req.c
===================================================================
--- krb5-1.7.orig/src/kdc/do_tgs_req.c
+++ krb5-1.7/src/kdc/do_tgs_req.c
@@ -1158,7 +1158,7 @@ prep_reprocess_req(krb5_kdc_req *request
free(temp_buf);
if (retval) {
/* no match found */
- kdc_err(kdc_context, retval, 0);
+ kdc_err(kdc_context, retval, "unable to find realm of host");
goto cleanup;
}
if (realms == 0) {
Index: krb5-1.7/src/lib/kadm5/logger.c
===================================================================
--- krb5-1.7.orig/src/lib/kadm5/logger.c
+++ krb5-1.7/src/lib/kadm5/logger.c
@@ -188,6 +188,9 @@ klog_com_err_proc(const char *whoami, lo
char *cp;
char *syslogp;
+ if (whoami == NULL || format == NULL)
+ return;
+
/* Make the header */
snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
/*
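Review bot: The new guard in `klog_com_err_proc`, `if (whoami == NULL || format == NULL) return;`, discards the whole log entry whenever a caller omits either string, and that presumably includes the text for the error code itself. On a KDC this turns a crash into a failure that silently never reaches the logs, and the `kdc_err(kdc_context, retval, 0)` call fixed in the first hunk shows that callers did pass a null format. It would be safer to keep logging and degrade gracefully: write the `"%s: "` header only when `whoami` is non-NULL, and skip just the formatted part when `format` is NULL. The function body continues outside the hunk, so the exact placement depends on code not shown.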


@ -0,0 +1,377 @@
Index: krb5-1.7/src/lib/crypto/Makefile.in
===================================================================
--- krb5-1.7.orig/src/lib/crypto/Makefile.in
+++ krb5-1.7/src/lib/crypto/Makefile.in
@@ -18,6 +18,7 @@ EXTRADEPSRCS=\
$(srcdir)/t_nfold.c \
$(srcdir)/t_cf2.c \
$(srcdir)/t_encrypt.c \
+ $(srcdir)/t_short.c \
$(srcdir)/t_prf.c \
$(srcdir)/t_prng.c \
$(srcdir)/t_hmac.c \
@@ -206,7 +207,7 @@ libcrypto.lib:
clean-unix:: clean-liblinks clean-libs clean-libobjs
-check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2
+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2 t_short
$(RUN_SETUP) $(VALGRIND) ./t_nfold
$(RUN_SETUP) $(VALGRIND) ./t_encrypt
$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
@@ -216,6 +217,7 @@ check-unix:: t_nfold t_encrypt t_prf t_p
diff t_prf.output $(srcdir)/t_prf.expected
$(RUN_SETUP) $(VALGRIND) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output
diff t_cf2.output $(srcdir)/t_cf2.expected
+ $(RUN_SETUP) $(VALGRIND) ./t_short
# $(RUN_SETUP) $(VALGRIND) ./t_pkcs5
@@ -249,10 +251,14 @@ t_cts$(EXEEXT): t_cts.$(OBJEXT) $(CRYPTO
$(CC_LINK) -o $@ t_cts.$(OBJEXT) \
$(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB)
+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \
+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
clean::
$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \
- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o t_cf2 t_cf2.o
+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
+ t_cf2 t_cf2.o t_short t_short.o
-$(RM) t_prng.output
all-windows::
Index: krb5-1.7/src/lib/crypto/arcfour/arcfour.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/arcfour/arcfour.c
+++ krb5-1.7/src/lib/crypto/arcfour/arcfour.c
@@ -199,6 +199,12 @@ krb5_arcfour_decrypt(const struct krb5_e
keylength = enc->keylength;
hashsize = hash->hashsize;
+ /* Verify input and output lengths. */
+ if (input->length < hashsize + CONFOUNDERLENGTH)
+ return KRB5_BAD_MSIZE;
+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH)
+ return KRB5_BAD_MSIZE;
+
d1.length=keybytes;
d1.data=malloc(d1.length);
if (d1.data == NULL)
Index: krb5-1.7/src/lib/crypto/enc_provider/aes.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/enc_provider/aes.c
+++ krb5-1.7/src/lib/crypto/enc_provider/aes.c
@@ -105,9 +105,11 @@ krb5int_aes_encrypt(const krb5_keyblock
nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
if (nblocks == 1) {
- /* XXX Used for DK function. */
+ /* Used when deriving keys. */
+ if (input->length < BLOCK_SIZE)
+ return KRB5_BAD_MSIZE;
enc(output->data, input->data, &ctx);
- } else {
+ } else if (nblocks > 1) {
unsigned int nleft;
for (blockno = 0; blockno < nblocks - 2; blockno++) {
@@ -160,9 +162,9 @@ krb5int_aes_decrypt(const krb5_keyblock
if (nblocks == 1) {
if (input->length < BLOCK_SIZE)
- abort();
+ return KRB5_BAD_MSIZE;
dec(output->data, input->data, &ctx);
- } else {
+ } else if (nblocks > 1) {
for (blockno = 0; blockno < nblocks - 2; blockno++) {
dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
@@ -208,6 +210,7 @@ krb5int_aes_encrypt_iov(const krb5_keybl
char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE];
int nblocks = 0, blockno;
size_t input_length, i;
+ struct iov_block_state input_pos, output_pos;
if (aes_enc_key(key->contents, key->length, &ctx) != aes_good)
abort();
@@ -224,17 +227,19 @@ krb5int_aes_encrypt_iov(const krb5_keybl
input_length += iov->data.length;
}
- nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
- assert(nblocks > 1);
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
- {
+ nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
+ if (nblocks == 1) {
+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE,
+ data, num_data, &input_pos);
+ enc(tmp2, tmp, &ctx);
+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2,
+ BLOCK_SIZE, &output_pos);
+ } else if (nblocks > 1) {
char blockN2[BLOCK_SIZE]; /* second last */
char blockN1[BLOCK_SIZE]; /* last block */
- struct iov_block_state input_pos, output_pos;
-
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
for (blockno = 0; blockno < nblocks - 2; blockno++) {
char blockN[BLOCK_SIZE];
@@ -288,6 +293,7 @@ krb5int_aes_decrypt_iov(const krb5_keybl
char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
int nblocks = 0, blockno, i;
size_t input_length;
+ struct iov_block_state input_pos, output_pos;
CHECK_SIZES;
@@ -305,18 +311,19 @@ krb5int_aes_decrypt_iov(const krb5_keybl
if (ENCRYPT_IOV(iov))
input_length += iov->data.length;
}
+ IOV_BLOCK_STATE_INIT(&input_pos);
+ IOV_BLOCK_STATE_INIT(&output_pos);
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
-
- assert(nblocks > 1);
-
- {
+ if (nblocks == 1) {
+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE,
+ data, num_data, &input_pos);
+ dec(tmp2, tmp, &ctx);
+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2,
+ BLOCK_SIZE, &output_pos);
+ } else if (nblocks > 1) {
char blockN2[BLOCK_SIZE]; /* second last */
char blockN1[BLOCK_SIZE]; /* last block */
- struct iov_block_state input_pos, output_pos;
-
- IOV_BLOCK_STATE_INIT(&input_pos);
- IOV_BLOCK_STATE_INIT(&output_pos);
for (blockno = 0; blockno < nblocks - 2; blockno++) {
char blockN[BLOCK_SIZE];
Index: krb5-1.7/src/lib/crypto/old/old_decrypt.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/old/old_decrypt.c
+++ krb5-1.7/src/lib/crypto/old/old_decrypt.c
@@ -45,8 +45,10 @@ krb5_old_decrypt(const struct krb5_enc_p
blocksize = enc->block_size;
hashsize = hash->hashsize;
+ /* Verify input and output lengths. */
+ if (input->length < blocksize + hashsize || input->length % blocksize != 0)
+ return(KRB5_BAD_MSIZE);
plainsize = input->length - blocksize - hashsize;
-
if (arg_output->length < plainsize)
return(KRB5_BAD_MSIZE);
Index: krb5-1.7/src/lib/crypto/raw/raw_decrypt.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/raw/raw_decrypt.c
+++ krb5-1.7/src/lib/crypto/raw/raw_decrypt.c
@@ -34,5 +34,7 @@ krb5_raw_decrypt(const struct krb5_enc_p
const krb5_data *ivec, const krb5_data *input,
krb5_data *output)
{
- return((*(enc->decrypt))(key, ivec, input, output));
+ if (output->length < input->length)
+ return KRB5_BAD_MSIZE;
+ return((*(enc->decrypt))(key, ivec, input, output));
}
Index: krb5-1.7/src/lib/crypto/t_short.c
===================================================================
--- /dev/null
+++ krb5-1.7/src/lib/crypto/t_short.c
@@ -0,0 +1,128 @@
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
+/*
+ * lib/crypto/crypto_tests/t_short.c
+ *
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
+ * All rights reserved.
+ *
+ * Export of this software from the United States of America may
+ * require a specific license from the United States Government.
+ * It is the responsibility of any person or organization contemplating
+ * export to obtain such a license before exporting.
+ *
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
+ * distribute this software and its documentation for any purpose and
+ * without fee is hereby granted, provided that the above copyright
+ * notice appear in all copies and that both that copyright notice and
+ * this permission notice appear in supporting documentation, and that
+ * the name of M.I.T. not be used in advertising or publicity pertaining
+ * to distribution of the software without specific, written prior
+ * permission. Furthermore if you modify this software you must label
+ * your software as modified software and not distribute it in such a
+ * fashion that it might be confused with the original M.I.T. software.
+ * M.I.T. makes no representations about the suitability of
+ * this software for any purpose. It is provided "as is" without express
+ * or implied warranty.
+ *
+ * Tests the outcome of decrypting overly short tokens. This program can be
+ * run under a tool like valgrind to detect bad memory accesses; when run
+ * normally by the test suite, it verifies that each operation returns
+ * KRB5_BAD_MSIZE.
+ */
+
+#include "k5-int.h"
+
+
+krb5_enctype interesting_enctypes[] = {
+ ENCTYPE_DES_CBC_CRC,
+ ENCTYPE_DES_CBC_MD4,
+ ENCTYPE_DES_CBC_MD5,
+ ENCTYPE_DES3_CBC_SHA1,
+ ENCTYPE_ARCFOUR_HMAC,
+ ENCTYPE_ARCFOUR_HMAC_EXP,
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
+ 0
+};
+
+/* Abort if an operation unexpectedly fails. */
+static void
+x(krb5_error_code code)
+{
+ if (code != 0)
+ abort();
+}
+
+/* Abort if a decrypt operation doesn't have the expected result. */
+static void
+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
+{
+ if (len < min_len) {
+ /* Undersized tokens should always result in BAD_MSIZE. */
+ if (code != KRB5_BAD_MSIZE)
+ abort();
+ } else {
+ /* Min-size tokens should succeed or fail the integrity check. */
+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
+ abort();
+ }
+}
+
+static void
+test_enctype(krb5_enctype enctype)
+{
+ krb5_error_code ret;
+ krb5_keyblock keyblock;
+ krb5_enc_data input;
+ krb5_data output;
+ krb5_crypto_iov iov[2];
+ unsigned int dummy;
+ size_t min_len, len;
+
+ printf("Testing enctype %d\n", (int) enctype);
+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
+ x(krb5_c_make_random_key(NULL, enctype, &keyblock));
+ input.enctype = enctype;
+
+ /* Try each length up to the minimum length. */
+ for (len = 0; len <= min_len; len++) {
+ input.ciphertext.data = calloc(len, 1);
+ input.ciphertext.length = len;
+ output.data = calloc(len, 1);
+ output.length = len;
+
+ /* Attempt a normal decryption. */
+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
+ check_decrypt_result(ret, len, min_len);
+
+ if (krb5_c_crypto_length(NULL, enctype, KRB5_CRYPTO_TYPE_HEADER,
+ &dummy) == 0) {
+ /* Attempt an IOV stream decryption. */
+ iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
+ iov[0].data = input.ciphertext;
+ iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
+ iov[1].data.data = NULL;
+ iov[1].data.length = 0;
+ ret = krb5_c_decrypt_iov(NULL, &keyblock, 0, NULL, iov, 2);
+ check_decrypt_result(ret, len, min_len);
+ }
+
+ free(input.ciphertext.data);
+ free(output.data);
+ }
+}
+
+int
+main(int argc, char **argv)
+{
+ int i;
+ krb5_data notrandom;
+
+ notrandom.data = "notrandom";
+ notrandom.length = 9;
+ krb5_c_random_seed(NULL, &notrandom);
+ for (i = 0; interesting_enctypes[i]; i++)
+ test_enctype(interesting_enctypes[i]);
+ return 0;
+}
+
Index: krb5-1.7/src/lib/crypto/deps
===================================================================
--- krb5-1.7.orig/src/lib/crypto/deps
+++ krb5-1.7/src/lib/crypto/deps
@@ -463,6 +463,16 @@ t_encrypt.so t_encrypt.po $(OUTPRE)t_enc
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
$(SRCTOP)/include/socket-utils.h etypes.h t_encrypt.c
+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
+ t_short.c
t_prf.so t_prf.po $(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
Index: krb5-1.7/src/lib/crypto/dk/dk_aead.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/dk/dk_aead.c
+++ krb5-1.7/src/lib/crypto/dk/dk_aead.c
@@ -248,7 +248,7 @@ krb5int_dk_decrypt_iov(const struct krb5
for (i = 0; i < num_data; i++) {
const krb5_crypto_iov *iov = &data[i];
- if (ENCRYPT_DATA_IOV(iov))
+ if (ENCRYPT_IOV(iov))
cipherlen += iov->data.length;
}
Index: krb5-1.7/src/lib/crypto/dk/dk_decrypt.c
===================================================================
--- krb5-1.7.orig/src/lib/crypto/dk/dk_decrypt.c
+++ krb5-1.7/src/lib/crypto/dk/dk_decrypt.c
@@ -89,6 +89,12 @@ krb5_dk_decrypt_maybe_trunc_hmac(const s
else if (hmacsize > hashsize)
return KRB5KRB_AP_ERR_BAD_INTEGRITY;
+ /* Verify input and output lengths. */
+ if (input->length < blocksize + hmacsize)
+ return KRB5_BAD_MSIZE;
+ if (output->length < input->length - blocksize - hmacsize)
+ return KRB5_BAD_MSIZE;
+
enclen = input->length - hmacsize;
if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
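Review bot: In `krb5int_aes_encrypt_iov` and `krb5int_aes_decrypt_iov` the new `nblocks == 1` branch runs `enc`/`dec` over a full `BLOCK_SIZE` buffer without first rejecting `input_length < BLOCK_SIZE`, while the non-IOV `krb5int_aes_encrypt` and `krb5int_aes_decrypt` in the same patch return `KRB5_BAD_MSIZE` for that case. Whether `krb5int_c_iov_get_block` zero-fills `tmp` on a short read, or `CHECK_SIZES` already excludes short input, is not visible in these hunks; if neither holds, the cipher would process uninitialized stack bytes. Adding `if (input_length < BLOCK_SIZE) return KRB5_BAD_MSIZE;` at the top of both branches would make the four entry points agree. Separately, `t_short.c` only drives the decrypt paths, does not check its `calloc` results and never releases `keyblock`, so a run under `$(VALGRIND)` may report leaks unrelated to the length checks.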


@ -1,9 +1,43 @@
Index: krb5-1.7/src/appl/bsd/klogind.M
Index: krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/appl/sample/sserver/sserver.M --- krb5-1.7.orig/src/appl/bsd/klogind.M
+++ krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M +++ krb5-1.7/src/appl/bsd/klogind.M
@@ -27,7 +27,7 @@ server is invoked by \fIinetd(8)\fP when
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIklogind\fP might be:
-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
+klogin stream tcp nowait root @mansbindir@/klogind klogind -e5c
When a service request is received, the following protocol is initiated:
Index: krb5-1.7/src/appl/bsd/kshd.M
===================================================================
--- krb5-1.7.orig/src/appl/bsd/kshd.M
+++ krb5-1.7/src/appl/bsd/kshd.M
@@ -8,7 +8,7 @@
.SH NAME
kshd \- kerberized remote shell server
.SH SYNOPSIS
-.B /usr/local/sbin/kshd
+.B @mansbindir@/kshd
[
.B \-kr45ec
]
@@ -30,7 +30,7 @@ server is invoked by \fIinetd(8c)\fP whe
on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
configuration line for \fIkrshd\fP might be:
-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
+kshell stream tcp nowait root @mansbindir@/kshd kshd -5c
When a service request is received, the following protocol is initiated:
Index: krb5-1.7/src/appl/sample/sserver/sserver.M
===================================================================
--- krb5-1.7.orig/src/appl/sample/sserver/sserver.M
+++ krb5-1.7/src/appl/sample/sserver/sserver.M
@@ -59,7 +59,7 @@ option allows for a different keytab tha @@ -59,7 +59,7 @@ option allows for a different keytab tha
using a line in using a line in
/etc/inetd.conf that looks like this: /etc/inetd.conf that looks like this:
@ -13,10 +47,23 @@ Index: krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
.PP .PP
Since \fBsample\fP is normally not a port defined in /etc/services, you will Since \fBsample\fP is normally not a port defined in /etc/services, you will
usually have to add a line to /etc/services which looks like this: usually have to add a line to /etc/services which looks like this:
Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M Index: krb5-1.7/src/appl/telnet/telnetd/telnetd.8
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/config-files/kdc.conf.M --- krb5-1.7.orig/src/appl/telnet/telnetd/telnetd.8
+++ krb5-1.8-alpha1/src/config-files/kdc.conf.M +++ krb5-1.7/src/appl/telnet/telnetd/telnetd.8
@@ -37,7 +37,7 @@ telnetd \-
.SM DARPA TELNET
protocol server
.SH SYNOPSIS
-.B /usr/libexec/telnetd
+.B @manlibexecdir@/telnetd
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
[\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
Index: krb5-1.7/src/config-files/kdc.conf.M
===================================================================
--- krb5-1.7.orig/src/config-files/kdc.conf.M
+++ krb5-1.7/src/config-files/kdc.conf.M
@@ -82,14 +82,14 @@ This @@ -82,14 +82,14 @@ This
.B string .B string
specifies the location of the access control list (acl) file that specifies the location of the access control list (acl) file that
@ -34,7 +81,7 @@ Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M
.IP database_name .IP database_name
This This
@@ -254,7 +254,7 @@ tickets should be checked against the tr @@ -257,7 +257,7 @@ tickets should be checked against the tr
realm names and the [capaths] section of its krb5.conf file realm names and the [capaths] section of its krb5.conf file
.SH FILES .SH FILES
@ -43,12 +90,12 @@ Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M
.SH SEE ALSO .SH SEE ALSO
krb5.conf(5), krb5kdc(8) krb5.conf(5), krb5kdc(8)
Index: krb5-1.8-alpha1/src/configure.in Index: krb5-1.7/src/configure.in
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/configure.in --- krb5-1.7.orig/src/configure.in
+++ krb5-1.8-alpha1/src/configure.in +++ krb5-1.7/src/configure.in
@@ -1052,6 +1052,58 @@ if test "$ac_cv_lib_socket" = "yes" -a " @@ -1041,6 +1041,69 @@ dnl
fi AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet)
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
+ +
@ -71,8 +118,18 @@ Index: krb5-1.8-alpha1/src/configure.in
+AC_SUBST(manlocalstatedir) +AC_SUBST(manlocalstatedir)
+AC_SUBST(manlibexecdir) +AC_SUBST(manlibexecdir)
+AC_OUTPUT([ +AC_OUTPUT([
+ appl/bsd/klogind.M
+ appl/bsd/kshd.M
+ appl/bsd/login.M
+ appl/bsd/rcp.M
+ appl/bsd/rlogin.M
+ appl/bsd/rsh.M
+ appl/gssftp/ftpd/ftpd.M
+ appl/gssftp/ftp/ftp.M
+ appl/sample/sclient/sclient.M + appl/sample/sclient/sclient.M
+ appl/sample/sserver/sserver.M + appl/sample/sserver/sserver.M
+ appl/telnet/telnetd/telnetd.8
+ appl/telnet/telnet/telnet.1
+ clients/kcpytkt/kcpytkt.M + clients/kcpytkt/kcpytkt.M
+ clients/kdeltkt/kdeltkt.M + clients/kdeltkt/kdeltkt.M
+ clients/kdestroy/kdestroy.M + clients/kdestroy/kdestroy.M
@ -90,6 +147,7 @@ Index: krb5-1.8-alpha1/src/configure.in
+ kadmin/cli/kadmin.M + kadmin/cli/kadmin.M
+ kadmin/dbutil/kdb5_util.M + kadmin/dbutil/kdb5_util.M
+ kadmin/ktutil/ktutil.M + kadmin/ktutil/ktutil.M
+ kadmin/passwd/kpasswd.M
+ kadmin/server/kadmind.M + kadmin/server/kadmind.M
+ kdc/krb5kdc.M + kdc/krb5kdc.M
+ krb5-config.M + krb5-config.M
@ -106,11 +164,11 @@ Index: krb5-1.8-alpha1/src/configure.in
V5_AC_OUTPUT_MAKEFILE(. V5_AC_OUTPUT_MAKEFILE(.
util util/support util/profile util/send-pr util util/support util/profile util/send-pr
Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M Index: krb5-1.7/src/kadmin/cli/kadmin.M
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/kadmin/cli/kadmin.M --- krb5-1.7.orig/src/kadmin/cli/kadmin.M
+++ krb5-1.8-alpha1/src/kadmin/cli/kadmin.M +++ krb5-1.7/src/kadmin/cli/kadmin.M
@@ -869,9 +869,9 @@ option is specified, less verbose status @@ -850,9 +850,9 @@ option is specified, less verbose status
.RS .RS
.TP .TP
EXAMPLE: EXAMPLE:
@ -122,7 +180,7 @@ Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
kadmin: kadmin:
.RE .RE
.fi .fi
@@ -913,7 +913,7 @@ passwords. @@ -894,7 +894,7 @@ passwords.
.SH HISTORY .SH HISTORY
The The
.B kadmin .B kadmin
@ -131,10 +189,10 @@ Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
OpenVision Kerberos administration program. OpenVision Kerberos administration program.
.SH SEE ALSO .SH SEE ALSO
.IR kerberos (1), .IR kerberos (1),
Index: krb5-1.8-alpha1/src/slave/kprop.M Index: krb5-1.7/src/slave/kprop.M
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/slave/kprop.M --- krb5-1.7.orig/src/slave/kprop.M
+++ krb5-1.8-alpha1/src/slave/kprop.M +++ krb5-1.7/src/slave/kprop.M
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv @@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
This is done by transmitting the dumped database file to the slave This is done by transmitting the dumped database file to the slave
server over an encrypted, secure channel. The dump file must be created server over an encrypted, secure channel. The dump file must be created
@ -153,10 +211,10 @@ Index: krb5-1.8-alpha1/src/slave/kprop.M
.TP .TP
\fB\-P\fP \fIport\fP \fB\-P\fP \fIport\fP
specifies the port to use to contact the specifies the port to use to contact the
Index: krb5-1.8-alpha1/src/slave/kpropd.M Index: krb5-1.7/src/slave/kpropd.M
=================================================================== ===================================================================
--- krb5-1.8-alpha1.orig/src/slave/kpropd.M --- krb5-1.7.orig/src/slave/kpropd.M
+++ krb5-1.8-alpha1/src/slave/kpropd.M +++ krb5-1.7/src/slave/kpropd.M
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of @@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
This is done by adding a line to the inetd.conf file which looks like This is done by adding a line to the inetd.conf file which looks like
this: this:
@ -164,7 +222,7 @@ Index: krb5-1.8-alpha1/src/slave/kpropd.M
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd -kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
+kprop stream tcp nowait root @mansbindir@/kpropd kpropd +kprop stream tcp nowait root @mansbindir@/kpropd kpropd
However, kpropd can also run as a standalone daemon, if the However, kpropd can also run as a standalone deamon, if the
.B \-S .B \-S
@@ -111,13 +111,13 @@ is used. @@ -111,13 +111,13 @@ is used.
\fB\-f\fP \fIfile\fP \fB\-f\fP \fIfile\fP


@ -1,5 +1,15 @@
appl/bsd/klogind.M
appl/bsd/kshd.M
appl/bsd/login.M
appl/bsd/rcp.M
appl/bsd/rlogin.M
appl/bsd/rsh.M
appl/gssftp/ftpd/ftpd.M
appl/gssftp/ftp/ftp.M
appl/sample/sclient/sclient.M appl/sample/sclient/sclient.M
appl/sample/sserver/sserver.M appl/sample/sserver/sserver.M
appl/telnet/telnetd/telnetd.8
appl/telnet/telnet/telnet.1
clients/kcpytkt/kcpytkt.M clients/kcpytkt/kcpytkt.M
clients/kdeltkt/kdeltkt.M clients/kdeltkt/kdeltkt.M
clients/kdestroy/kdestroy.M clients/kdestroy/kdestroy.M
@ -17,6 +27,7 @@ kadmin/cli/kadmin.local.M
kadmin/cli/kadmin.M kadmin/cli/kadmin.M
kadmin/dbutil/kdb5_util.M kadmin/dbutil/kdb5_util.M
kadmin/ktutil/ktutil.M kadmin/ktutil/ktutil.M
kadmin/passwd/kpasswd.M
kadmin/server/kadmind.M kadmin/server/kadmind.M
kdc/krb5kdc.M kdc/krb5kdc.M
krb5-config.M krb5-config.M

3
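--- a/krb5-1.7.tar.bz2
+++ b/krb5-1.7.tar.bz2
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:2043f38c46a9721cfab28f0fdf876af17d542cab458a87d0324783189e9570cd
+size 10407001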


@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:10890ef19905e36e99d82cbe7caa6e8b0875b2a304f9a9e2d05137c87aff8212
size 9958816


@ -1,8 +1,3 @@
-------------------------------------------------------------------
Thu Mar 4 11:45:22 CET 2010 - mc@suse.de
- update to version 1.8
------------------------------------------------------------------- -------------------------------------------------------------------
Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de


@ -1,7 +1,6 @@
# #
# spec file for package krb5-doc (Version 1.8) # spec file for package krb5-doc (Version 1.7)
# #
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -21,14 +20,15 @@
Name: krb5-doc Name: krb5-doc
BuildRequires: ghostscript-library latex2html texlive BuildRequires: ghostscript-library latex2html texlive
Version: 1.8 Version: 1.7
Release: 6 Release: 7
%define srcRoot krb5-1.8 %define srcRoot krb5-1.7
Summary: MIT Kerberos5 Implementation--Documentation Summary: MIT Kerberos5 Implementation--Documentation
License: MIT License (or similar) License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/ Url: http://web.mit.edu/kerberos/www/
Group: Documentation/Other Group: Documentation/Other
Source: krb5-1.8.tar.bz2 Source: krb5-%{version}.tar.bz2
Source1: README.Source
Source3: %{name}-%{version}-rpmlintrc Source3: %{name}-%{version}-rpmlintrc
Patch0: krb5-1.3.5-perlfix.dif Patch0: krb5-1.3.5-perlfix.dif
Patch1: krb5-1.6.3-texi2dvi-fix.dif Patch1: krb5-1.6.3-texi2dvi-fix.dif


@ -1,29 +1,16 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de Thu Jan 7 11:45:14 CET 2010 - mc@suse.de
- update to version 1.8
* Increase code quality
* Move toward improved KDB interface
* Investigate and remedy repeatedly-reported performance
bottlenecks.
* Reduce DNS dependence by implementing an interface that allows
client library to track whether a KDC supports service
principal referrals.
* Disable DES by default
* Account lockout for repeated login failures
* Bridge layer to allow Heimdal HDB modules to act as KDB
backend modules
* FAST enhancements
* Microsoft Services for User (S4U) compatibility
* Anonymous PKINIT
- fix KDC denial of service
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing - fix KDC denial of service in cross-realm referral processing
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347) CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption - fix integer underflow in AES and RC4 decryption
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
-------------------------------------------------------------------
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 13 16:51:37 CET 2009 - mc@suse.de Fri Nov 13 16:51:37 CET 2009 - mc@suse.de


@ -1,7 +1,6 @@
# #
# spec file for package krb5 (Version 1.8) # spec file for package krb5-mini (Version 1.7)
# #
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -19,7 +18,7 @@
# norootforbuild # norootforbuild
%define build_mini 1 %define build_mini 1
%define srcRoot krb5-1.8 %define srcRoot krb5-1.7
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5 %define krb5docdir %{_defaultdocdir}/krb5
@ -28,8 +27,8 @@ License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/ Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel BuildRequires: keyutils keyutils-devel
Version: 1.8 Version: 1.7
Release: 6 Release: 7
%if ! 0%{?build_mini} %if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel BuildRequires: libopenssl-devel openldap2-devel
# bug437293 # bug437293
@ -43,18 +42,25 @@ Group: Productivity/Networking/Security
Summary: MIT Kerberos5 Implementation--Libraries Summary: MIT Kerberos5 Implementation--Libraries
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
%endif %endif
Source: krb5-1.8.tar.bz2 Source: krb5-1.7.tar.bz2
Source1: vendor-files.tar.bz2 Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: baselibs.conf
Source5: krb5-%{version}-rpmlintrc Source5: krb5-%{version}-rpmlintrc
Source10: krb5-1.7-manpaths.txt Source10: krb5-1.7-manpaths.txt
Patch2: krb5-1.6.1-compile_pie.dif Patch2: krb5-1.6.1-compile_pie.dif
Patch20: krb5-1.6.3-kprop-use-mkstemp.dif Patch20: krb5-1.6.3-kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Patch30: krb5-1.7-manpaths.dif Patch30: krb5-1.7-manpaths.dif
Patch32: krb5-1.4.3-enospc.dif Patch32: krb5-1.4.3-enospc.dif
Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch41: krb5-1.6.3-kpasswd_tcp.patch Patch41: krb5-1.6.3-kpasswd_tcp.patch
Patch44: krb5-1.6.3-ktutil-manpage.dif Patch44: krb5-1.6.3-ktutil-manpage.dif
Patch46: krb5-1.6.3-fix-ipv6-query.dif Patch46: krb5-1.6.3-fix-ipv6-query.dif
Patch47: krb5-1.7-MITKRB5-SA-2009-003.dif
Patch48: krb5-1.7-MITKRB5-SA-2009-004.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq PreReq: %insserv_prereq %fillup_prereq
@ -111,6 +117,46 @@ and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
License: MIT License (or similar)
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
License: MIT License (or similar)
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors: Authors:
-------- --------
The MIT Kerberos Team The MIT Kerberos Team
@ -194,14 +240,25 @@ Authors:
%prep %prep
%setup -q -n %{srcRoot} %setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{SOURCE3} %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch2 %patch2
%patch20 %patch20
%patch21
%patch22
%patch30 -p1 %patch30 -p1
%patch32 -p1 %patch32 -p1
%patch34 -p1 %patch34 -p1
%patch41 %patch41
%patch44 -p1 %patch44 -p1
%patch46 -p1 %patch46 -p1
%patch47 -p1
%patch48 -p1
# Rename the man pages so that they'll get generated correctly. # Rename the man pages so that they'll get generated correctly.
pushd src pushd src
cat %{SOURCE10} | while read manpage ; do cat %{SOURCE10} | while read manpage ; do
@ -262,6 +319,12 @@ install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.c
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755 # all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"` for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do do
@ -274,6 +337,12 @@ mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files # install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
@ -352,9 +421,7 @@ rm -rf %{buildroot}
%dir /usr/lib/mit/sbin %dir /usr/lib/mit/sbin
%{_libdir}/libgssrpc.so %{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so %{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5clnt.so %{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkadm5srv.so %{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so %{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so %{_libdir}/libkrb5.so
@ -388,13 +455,17 @@ rm -rf %{buildroot}
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
%{_sysconfdir}/init.d/* %{_sysconfdir}/init.d/*
%{_libdir}/libgssapi_krb5.* %{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.* %{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.* %{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv.so.*
%{_libdir}/libkdb5.so.* %{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.* %{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.* %{_libdir}/libkrb5support.so.*
@ -408,10 +479,15 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop /usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util /usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc /usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver /usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver /usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server /usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server /usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
/usr/lib/mit/bin/k5srvutil /usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/kvno /usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit /usr/lib/mit/bin/kinit
@ -421,10 +497,16 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin /usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil /usr/lib/mit/bin/ktutil
%attr(0755,root,root) /usr/lib/mit/bin/ksu %attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient /usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient /usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client /usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client /usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
#/usr/lib/mit/bin/*
/usr/bin/kinit /usr/bin/kinit
/usr/bin/klist /usr/bin/klist
/usr/bin/rc* /usr/bin/rc*
@ -435,7 +517,12 @@ rm -rf %{buildroot}
%{_mandir}/man1/kpasswd.1* %{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1* %{_mandir}/man1/klist.1*
%{_mandir}/man1/kerberos.1* %{_mandir}/man1/kerberos.1*
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1* %{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1* %{_mandir}/man1/sclient.1*
%{_mandir}/man1/kadmin.1* %{_mandir}/man1/kadmin.1*
%{_mandir}/man1/ktutil.1* %{_mandir}/man1/ktutil.1*
@ -462,8 +549,8 @@ rm -rf %{buildroot}
%{_libdir}/libgssapi_krb5.* %{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.* %{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.* %{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv.so.*
%{_libdir}/libkdb5.so.* %{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.* %{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.* %{_libdir}/libkrb5support.so.*
@ -495,10 +582,6 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop /usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util /usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc /usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/uuserver
%{_libdir}/krb5/plugins/kdb/db2.so %{_libdir}/krb5/plugins/kdb/db2.so
%{_mandir}/man5/kdc.conf.5* %{_mandir}/man5/kdc.conf.5*
%{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmind.8*
@ -508,7 +591,6 @@ rm -rf %{buildroot}
%{_mandir}/man8/kproplog.8.gz %{_mandir}/man8/kproplog.8.gz
%{_mandir}/man8/kdb5_util.8* %{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8* %{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/sserver.8*
%files client %files client
%defattr(-,root,root) %defattr(-,root,root)
@ -523,11 +605,6 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin /usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil /usr/lib/mit/bin/ktutil
/usr/lib/mit/bin/k5srvutil /usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/ksu
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/uuclient
/usr/bin/kinit /usr/bin/kinit
/usr/bin/klist /usr/bin/klist
%{_mandir}/man1/kvno.1* %{_mandir}/man1/kvno.1*
@ -541,8 +618,53 @@ rm -rf %{buildroot}
%{_mandir}/man1/k5srvutil.1* %{_mandir}/man1/k5srvutil.1*
%{_mandir}/man5/krb5.conf.5* %{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5* %{_mandir}/man5/.k5login.5*
%{_mandir}/man1/ksu.1.gz
%{_mandir}/man1/sclient.1.gz %files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/login.krb5.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1*
%files plugin-kdb-ldap %files plugin-kdb-ldap
%defattr(-,root,root) %defattr(-,root,root)
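Review bot: The patch list in the `@ -43,18 +42,25 @` hunk adds `Patch47` (MITKRB5-SA-2009-003) and `Patch48` (MITKRB5-SA-2009-004) for the 1.7 tarball but carries nothing for MITKRB5-SA-2010-001, and the accompanying changelog drops the "fix KDC denial of service CVE-2010-0283" entry together with the 1.8 update. CVE-2010-0283 is reported against 1.7 releases before 1.7.2 as well as the 1.8 pre-release, so the downgraded package would presumably ship a KDC that is still exposed to that denial of service. Unless the fix is carried somewhere not visible here, add the upstream patch next to the other two, e.g. `Patch49: <MITKRB5-SA-2010-001 patch file>` with a matching `%patch49 -p1` in `%prep`, and keep the changelog line so the advisory stays traceable. The same patch list appears in the krb5.spec section that follows.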


@ -1,29 +1,16 @@
------------------------------------------------------------------- -------------------------------------------------------------------
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de Thu Jan 7 11:45:14 CET 2010 - mc@suse.de
- update to version 1.8
* Increase code quality
* Move toward improved KDB interface
* Investigate and remedy repeatedly-reported performance
bottlenecks.
* Reduce DNS dependence by implementing an interface that allows
client library to track whether a KDC supports service
principal referrals.
* Disable DES by default
* Account lockout for repeated login failures
* Bridge layer to allow Heimdal HDB modules to act as KDB
backend modules
* FAST enhancements
* Microsoft Services for User (S4U) compatibility
* Anonymous PKINIT
- fix KDC denial of service
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
- fix KDC denial of service in cross-realm referral processing - fix KDC denial of service in cross-realm referral processing
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347) CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
- fix integer underflow in AES and RC4 decryption - fix integer underflow in AES and RC4 decryption
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351) CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
-------------------------------------------------------------------
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
- add baselibs.conf as a source
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Nov 13 16:51:37 CET 2009 - mc@suse.de Fri Nov 13 16:51:37 CET 2009 - mc@suse.de

170
krb5.spec

@ -1,7 +1,6 @@
# #
# spec file for package krb5 (Version 1.8) # spec file for package krb5 (Version 1.7)
# #
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany. # Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
# #
# All modifications and additions to the file contributed by third parties # All modifications and additions to the file contributed by third parties
@ -19,7 +18,7 @@
# norootforbuild # norootforbuild
%define build_mini 0 %define build_mini 0
%define srcRoot krb5-1.8 %define srcRoot krb5-1.7
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/ %define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5 %define krb5docdir %{_defaultdocdir}/krb5
@ -28,8 +27,8 @@ License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/ Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel BuildRequires: keyutils keyutils-devel
Version: 1.8 Version: 1.7
Release: 6 Release: 7
%if ! 0%{?build_mini} %if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel BuildRequires: libopenssl-devel openldap2-devel
# bug437293 # bug437293
@ -43,18 +42,25 @@ Group: Productivity/Networking/Security
Summary: MIT Kerberos5 Implementation--Libraries Summary: MIT Kerberos5 Implementation--Libraries
Group: Productivity/Networking/Security Group: Productivity/Networking/Security
%endif %endif
Source: krb5-1.8.tar.bz2 Source: krb5-1.7.tar.bz2
Source1: vendor-files.tar.bz2 Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: baselibs.conf
Source5: krb5-%{version}-rpmlintrc Source5: krb5-%{version}-rpmlintrc
Source10: krb5-1.7-manpaths.txt Source10: krb5-1.7-manpaths.txt
Patch2: krb5-1.6.1-compile_pie.dif Patch2: krb5-1.6.1-compile_pie.dif
Patch20: krb5-1.6.3-kprop-use-mkstemp.dif Patch20: krb5-1.6.3-kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Patch30: krb5-1.7-manpaths.dif Patch30: krb5-1.7-manpaths.dif
Patch32: krb5-1.4.3-enospc.dif Patch32: krb5-1.4.3-enospc.dif
Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch41: krb5-1.6.3-kpasswd_tcp.patch Patch41: krb5-1.6.3-kpasswd_tcp.patch
Patch44: krb5-1.6.3-ktutil-manpage.dif Patch44: krb5-1.6.3-ktutil-manpage.dif
Patch46: krb5-1.6.3-fix-ipv6-query.dif Patch46: krb5-1.6.3-fix-ipv6-query.dif
Patch47: krb5-1.7-MITKRB5-SA-2009-003.dif
Patch48: krb5-1.7-MITKRB5-SA-2009-004.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq PreReq: %insserv_prereq %fillup_prereq
@ -111,6 +117,46 @@ and more.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-servers
License: MIT License (or similar)
Summary: MIT Kerberos5 server applications
Group: Productivity/Networking/Security
%description apps-servers
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible server applications like ftpd, klogind, telnetd, ...
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package apps-clients
License: MIT License (or similar)
Summary: MIT Kerberos5 client applications
Group: Productivity/Networking/Security
%description apps-clients
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of cleartext passwords. This package includes some kerberos
compatible client applications like ftp, rpc, rlogin, telnet, ...
Authors: Authors:
-------- --------
The MIT Kerberos Team The MIT Kerberos Team
@ -194,14 +240,25 @@ Authors:
%prep %prep
%setup -q -n %{srcRoot} %setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot} %setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{SOURCE3} %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch2 %patch2
%patch20 %patch20
%patch21
%patch22
%patch30 -p1 %patch30 -p1
%patch32 -p1 %patch32 -p1
%patch34 -p1 %patch34 -p1
%patch41 %patch41
%patch44 -p1 %patch44 -p1
%patch46 -p1 %patch46 -p1
%patch47 -p1
%patch48 -p1
# Rename the man pages so that they'll get generated correctly. # Rename the man pages so that they'll get generated correctly.
pushd src pushd src
cat %{SOURCE10} | while read manpage ; do cat %{SOURCE10} | while read manpage ; do
@ -262,6 +319,12 @@ install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.c
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
for n in ftpd.8 telnetd.8; do
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
done
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
done
# all libs must have permissions 0755 # all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"` for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do do
@ -274,6 +337,12 @@ mkdir -p %{buildroot}%{_sysconfdir}/init.d
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
# install xinetd files
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
# install logrotate files # install logrotate files
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
@ -352,9 +421,7 @@ rm -rf %{buildroot}
%dir /usr/lib/mit/sbin %dir /usr/lib/mit/sbin
%{_libdir}/libgssrpc.so %{_libdir}/libgssrpc.so
%{_libdir}/libk5crypto.so %{_libdir}/libk5crypto.so
%{_libdir}/libkadm5clnt_mit.so
%{_libdir}/libkadm5clnt.so %{_libdir}/libkadm5clnt.so
%{_libdir}/libkadm5srv_mit.so
%{_libdir}/libkadm5srv.so %{_libdir}/libkadm5srv.so
%{_libdir}/libkdb5.so %{_libdir}/libkdb5.so
%{_libdir}/libkrb5.so %{_libdir}/libkrb5.so
@ -388,13 +455,17 @@ rm -rf %{buildroot}
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict %attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k* %config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
%{_sysconfdir}/init.d/* %{_sysconfdir}/init.d/*
%{_libdir}/libgssapi_krb5.* %{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.* %{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.* %{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv.so.*
%{_libdir}/libkdb5.so.* %{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.* %{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.* %{_libdir}/libkrb5support.so.*
@ -408,10 +479,15 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop /usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util /usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc /usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver /usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver /usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server /usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server /usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
/usr/lib/mit/bin/k5srvutil /usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/kvno /usr/lib/mit/bin/kvno
/usr/lib/mit/bin/kinit /usr/lib/mit/bin/kinit
@ -421,10 +497,16 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin /usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil /usr/lib/mit/bin/ktutil
%attr(0755,root,root) /usr/lib/mit/bin/ksu %attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient /usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient /usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client /usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client /usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
#/usr/lib/mit/bin/*
/usr/bin/kinit /usr/bin/kinit
/usr/bin/klist /usr/bin/klist
/usr/bin/rc* /usr/bin/rc*
@ -435,7 +517,12 @@ rm -rf %{buildroot}
%{_mandir}/man1/kpasswd.1* %{_mandir}/man1/kpasswd.1*
%{_mandir}/man1/klist.1* %{_mandir}/man1/klist.1*
%{_mandir}/man1/kerberos.1* %{_mandir}/man1/kerberos.1*
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1* %{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1* %{_mandir}/man1/sclient.1*
%{_mandir}/man1/kadmin.1* %{_mandir}/man1/kadmin.1*
%{_mandir}/man1/ktutil.1* %{_mandir}/man1/ktutil.1*
@ -462,8 +549,8 @@ rm -rf %{buildroot}
%{_libdir}/libgssapi_krb5.* %{_libdir}/libgssapi_krb5.*
%{_libdir}/libgssrpc.so.* %{_libdir}/libgssrpc.so.*
%{_libdir}/libk5crypto.so.* %{_libdir}/libk5crypto.so.*
%{_libdir}/libkadm5clnt_mit.so.* %{_libdir}/libkadm5clnt.so.*
%{_libdir}/libkadm5srv_mit.so.* %{_libdir}/libkadm5srv.so.*
%{_libdir}/libkdb5.so.* %{_libdir}/libkdb5.so.*
%{_libdir}/libkrb5.so.* %{_libdir}/libkrb5.so.*
%{_libdir}/libkrb5support.so.* %{_libdir}/libkrb5support.so.*
@ -495,10 +582,6 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/kprop /usr/lib/mit/sbin/kprop
/usr/lib/mit/sbin/kdb5_util /usr/lib/mit/sbin/kdb5_util
/usr/lib/mit/sbin/krb5kdc /usr/lib/mit/sbin/krb5kdc
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/uuserver
%{_libdir}/krb5/plugins/kdb/db2.so %{_libdir}/krb5/plugins/kdb/db2.so
%{_mandir}/man5/kdc.conf.5* %{_mandir}/man5/kdc.conf.5*
%{_mandir}/man8/kadmind.8* %{_mandir}/man8/kadmind.8*
@ -508,7 +591,6 @@ rm -rf %{buildroot}
%{_mandir}/man8/kproplog.8.gz %{_mandir}/man8/kproplog.8.gz
%{_mandir}/man8/kdb5_util.8* %{_mandir}/man8/kdb5_util.8*
%{_mandir}/man8/krb5kdc.8* %{_mandir}/man8/krb5kdc.8*
%{_mandir}/man8/sserver.8*
%files client %files client
%defattr(-,root,root) %defattr(-,root,root)
@ -523,11 +605,6 @@ rm -rf %{buildroot}
/usr/lib/mit/bin/kadmin /usr/lib/mit/bin/kadmin
/usr/lib/mit/bin/ktutil /usr/lib/mit/bin/ktutil
/usr/lib/mit/bin/k5srvutil /usr/lib/mit/bin/k5srvutil
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/ksu
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/sim_client
/usr/lib/mit/bin/uuclient
/usr/bin/kinit /usr/bin/kinit
/usr/bin/klist /usr/bin/klist
%{_mandir}/man1/kvno.1* %{_mandir}/man1/kvno.1*
@ -541,8 +618,53 @@ rm -rf %{buildroot}
%{_mandir}/man1/k5srvutil.1* %{_mandir}/man1/k5srvutil.1*
%{_mandir}/man5/krb5.conf.5* %{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5* %{_mandir}/man5/.k5login.5*
%{_mandir}/man1/ksu.1.gz
%{_mandir}/man1/sclient.1.gz %files apps-servers
%defattr(-,root,root)
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
%dir /usr/lib/mit
%dir /usr/lib/mit/sbin
/usr/lib/mit/sbin/ftpd
/usr/lib/mit/sbin/klogind
/usr/lib/mit/sbin/kshd
/usr/lib/mit/sbin/telnetd
/usr/lib/mit/sbin/uuserver
/usr/lib/mit/sbin/sserver
/usr/lib/mit/sbin/gss-server
/usr/lib/mit/sbin/sim_server
/usr/lib/mit/sbin/login.krb5
%{_mandir}/man8/kftpd.8*
%{_mandir}/man8/klogind.8*
%{_mandir}/man8/kshd.8*
%{_mandir}/man8/ktelnetd.8*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/login.krb5.8*
%files apps-clients
%defattr(-,root,root)
%dir /usr/lib/mit
%dir /usr/lib/mit/bin
/usr/lib/mit/bin/ftp
/usr/lib/mit/bin/rlogin
# removed SUID bit, we will rely on su + pam_krb
%attr(0755,root,root) /usr/lib/mit/bin/ksu
/usr/lib/mit/bin/rcp
/usr/lib/mit/bin/rsh
/usr/lib/mit/bin/telnet
/usr/lib/mit/bin/uuclient
/usr/lib/mit/bin/sclient
/usr/lib/mit/bin/gss-client
/usr/lib/mit/bin/sim_client
%{_mandir}/man1/kftp.1*
%{_mandir}/man1/krlogin.1*
%{_mandir}/man1/krsh.1*
%{_mandir}/man1/ktelnet.1*
%{_mandir}/man1/ksu.1*
%{_mandir}/man1/krcp.1*
%{_mandir}/man1/sclient.1*
%files plugin-kdb-ldap %files plugin-kdb-ldap
%defattr(-,root,root) %defattr(-,root,root)

0
ready Normal file

50
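--- a/spx.c
+++ b/spx.c
@@ -0,0 +1,50 @@
+/*-
+* Copyright (c) 1992, 1993
+* The Regents of the University of California. All rights reserved.
+*
+* Redistribution and use in source and binary forms, with or without
+* modification, are permitted provided that the following conditions
+* are met:
+* 1. Redistributions of source code must retain the above copyright
+* notice, this list of conditions and the following disclaimer.
+* 2. Redistributions in binary form must reproduce the above copyright
+* notice, this list of conditions and the following disclaimer in the
+* documentation and/or other materials provided with the distribution.
+* 3. All advertising materials mentioning features or use of this software
+* must display the following acknowledgement:
+* This product includes software developed by the University of
+* California, Berkeley and its contributors.
+* 4. Neither the name of the University nor the names of its contributors
+* may be used to endorse or promote products derived from this software
+* without specific prior written permission.
+*
+* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
+* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
+* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+* SUCH DAMAGE.
+*/
+/* based on @(#)spx.c 8.1 (Berkeley) 6/4/93 */
+#include "misc-proto.h"
+#ifdef notdef
+prkey(msg, key)
+char *msg;
+unsigned char *key;
+{
+register int i;
+printf("%s:", msg);
+for (i = 0; i < 8; i++)
+printf(" %3d", key[i]);
+printf("\r\n");
+}
+#endif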
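Review bot: Nothing in this stub says why it carries no SPX code, so a header comment should state that it deliberately replaces the upstream `spx.c` that README.Source says was removed from the tarball, for example `/* Intentional stub: SPX support removed, see README.Source. */`. The only definition left, `prkey`, is a debug helper that prints eight raw key bytes and is guarded by `#ifdef notdef`; I would drop it from the stub so that no stray `-Dnotdef` can bring a key-dumping routine back into a build. It is also written as a K&R-style definition with no return type, so it would not compile cleanly under newer C standards if it were ever enabled. With the file reduced to an include, the telnet build presumably must not define `SPX`, since the authentication table would otherwise reference symbols that no longer exist; that is worth confirming against the spec and patches.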


@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1 version https://git-lfs.github.com/spec/v1
oid sha256:afd7fcef667fa671ba023b747d95c62dd83b03c4bb93c7132e1ae78fe837c35e oid sha256:cc8af64eb451283d9ed22d52848a923e65a50b5c80442fe3165f238efdd34571
size 182067 size 182153