Accepting request 33933 from network
checked in (request 33933) OBS-URL: https://build.opensuse.org/request/show/33933 OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=12
This commit is contained in:
parent
6c03664bc8
commit
2e036bfdfd
9
README.Source
Normal file
9
README.Source
Normal file
@ -0,0 +1,9 @@
|
||||
Because of potential legal risk we have removed the
|
||||
file "src/appl/telnet/libtelnet/spx.c" from the
|
||||
source tarball.
|
||||
|
||||
If you want to see the original sources you can download
|
||||
them from
|
||||
|
||||
http://web.mit.edu/kerberos/www/ .
|
||||
|
@ -1,13 +1,13 @@
|
||||
If the error message is going to be ambiguous, try to give the user some clue
|
||||
by returning the last error reported by the OS.
|
||||
|
||||
Index: krb5-1.8-alpha1/src/clients/kinit/kinit.c
|
||||
Index: krb5-1.7/src/clients/kinit/kinit.c
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/clients/kinit/kinit.c
|
||||
+++ krb5-1.8-alpha1/src/clients/kinit/kinit.c
|
||||
@@ -712,8 +712,14 @@ k5_kinit(opts, k5)
|
||||
code = krb5_cc_initialize(k5->ctx, k5->cc, opts->canonicalize ?
|
||||
my_creds.client : k5->me);
|
||||
--- krb5-1.7.orig/src/clients/kinit/kinit.c
|
||||
+++ krb5-1.7/src/clients/kinit/kinit.c
|
||||
@@ -670,8 +670,14 @@ k5_kinit(opts, k5)
|
||||
code = krb5_cc_initialize(k5->ctx, k5->cc,
|
||||
opts->canonicalize ? my_creds.client : k5->me);
|
||||
if (code) {
|
||||
- com_err(progname, code, "when initializing cache %s",
|
||||
- opts->k5_cache_name?opts->k5_cache_name:"");
|
||||
|
13
krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Normal file
13
krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
Normal file
@ -0,0 +1,13 @@
|
||||
Index: src/appl/gssftp/ftp/ftp.c
|
||||
===================================================================
|
||||
--- src/appl/gssftp/ftp/ftp.c.orig
|
||||
+++ src/appl/gssftp/ftp/ftp.c
|
||||
@@ -1912,7 +1912,7 @@ int do_auth()
|
||||
|
||||
#ifdef GSSAPI
|
||||
if (command("AUTH %s", "GSSAPI") == CONTINUE) {
|
||||
- OM_uint32 maj_stat, min_stat, dummy_stat;
|
||||
+ OM_uint32 maj_stat = GSS_S_FAILURE , min_stat, dummy_stat;
|
||||
gss_name_t target_name;
|
||||
gss_buffer_desc send_tok, recv_tok, *token_ptr;
|
||||
char stbuf[FTP_BUFSIZ];
|
10
krb5-1.5.1-fix-var-used-before-value-set.dif
Normal file
10
krb5-1.5.1-fix-var-used-before-value-set.dif
Normal file
@ -0,0 +1,10 @@
|
||||
--- src/appl/telnet/telnetd/utility.c
|
||||
+++ src/appl/telnet/telnetd/utility.c 2006/11/06 10:34:09
|
||||
@@ -127,6 +127,7 @@
|
||||
}
|
||||
tv.tv_sec = 1;
|
||||
tv.tv_usec = 0;
|
||||
+ FD_ZERO(&fds);
|
||||
FD_SET(net, &fds);
|
||||
|
||||
while (select(net + 1, &fds, NULL, NULL, &tv) == 1)
|
@ -15,7 +15,7 @@ Index: src/config/shlib.conf
|
||||
===================================================================
|
||||
--- src/config/shlib.conf.orig
|
||||
+++ src/config/shlib.conf
|
||||
@@ -419,7 +419,8 @@ mips-*-netbsd*)
|
||||
@@ -420,7 +420,8 @@ mips-*-netbsd*)
|
||||
PROFFLAGS=-pg
|
||||
RPATH_FLAG='-Wl,-rpath -Wl,'
|
||||
PROG_RPATH_FLAGS='$(RPATH_FLAG)$(PROG_RPATH)'
|
||||
|
@ -1,8 +1,8 @@
|
||||
Index: krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c
|
||||
Index: trunk/src/lib/krb5/os/hostaddr.c
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/hostaddr.c
|
||||
+++ krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c
|
||||
@@ -44,7 +44,7 @@ krb5_os_hostaddr(krb5_context context, c
|
||||
--- trunk.orig/src/lib/krb5/os/hostaddr.c
|
||||
+++ trunk/src/lib/krb5/os/hostaddr.c
|
||||
@@ -43,7 +43,7 @@ krb5_os_hostaddr(krb5_context context, c
|
||||
return KRB5_ERR_BAD_HOSTNAME;
|
||||
|
||||
memset (&hints, 0, sizeof (hints));
|
||||
@ -11,11 +11,11 @@ Index: krb5-1.8-alpha1/src/lib/krb5/os/hostaddr.c
|
||||
/* We don't care what kind at this point, really, but without
|
||||
this, we can get back multiple sockaddrs per address, for
|
||||
SOCK_DGRAM, SOCK_STREAM, and SOCK_RAW. I haven't checked if
|
||||
Index: krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c
|
||||
Index: trunk/src/lib/krb5/os/hst_realm.c
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/hst_realm.c
|
||||
+++ krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c
|
||||
@@ -103,7 +103,7 @@ get_fq_hostname(char *buf, size_t bufsiz
|
||||
--- trunk.orig/src/lib/krb5/os/hst_realm.c
|
||||
+++ trunk/src/lib/krb5/os/hst_realm.c
|
||||
@@ -171,7 +171,7 @@ krb5int_get_fq_hostname (char *buf, size
|
||||
int err;
|
||||
|
||||
memset (&hints, 0, sizeof (hints));
|
||||
@ -24,11 +24,11 @@ Index: krb5-1.8-alpha1/src/lib/krb5/os/hst_realm.c
|
||||
err = getaddrinfo (name, 0, &hints, &ai);
|
||||
if (err)
|
||||
return krb5int_translate_gai_error (err);
|
||||
Index: krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c
|
||||
Index: trunk/src/lib/krb5/os/locate_kdc.c
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/locate_kdc.c
|
||||
+++ krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c
|
||||
@@ -259,8 +259,9 @@ krb5int_add_host_to_list (struct addrlis
|
||||
--- trunk.orig/src/lib/krb5/os/locate_kdc.c
|
||||
+++ trunk/src/lib/krb5/os/locate_kdc.c
|
||||
@@ -254,8 +254,9 @@ krb5int_add_host_to_list (struct addrlis
|
||||
memset(&hint, 0, sizeof(hint));
|
||||
hint.ai_family = family;
|
||||
hint.ai_socktype = socktype;
|
||||
@ -37,13 +37,13 @@ Index: krb5-1.8-alpha1/src/lib/krb5/os/locate_kdc.c
|
||||
- hint.ai_flags = AI_NUMERICSERV;
|
||||
+ hint.ai_flags |= AI_NUMERICSERV;
|
||||
#endif
|
||||
result = snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port));
|
||||
if (SNPRINTF_OVERFLOW(result, sizeof(portbuf)))
|
||||
Index: krb5-1.8-alpha1/src/lib/krb5/os/sn2princ.c
|
||||
if (snprintf(portbuf, sizeof(portbuf), "%d", ntohs(port)) >= sizeof(portbuf))
|
||||
/* XXX */
|
||||
Index: trunk/src/lib/krb5/os/sn2princ.c
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/lib/krb5/os/sn2princ.c
|
||||
+++ krb5-1.8-alpha1/src/lib/krb5/os/sn2princ.c
|
||||
@@ -108,7 +108,7 @@ krb5_sname_to_principal(krb5_context con
|
||||
--- trunk.orig/src/lib/krb5/os/sn2princ.c
|
||||
+++ trunk/src/lib/krb5/os/sn2princ.c
|
||||
@@ -107,7 +107,7 @@ krb5_sname_to_principal(krb5_context con
|
||||
|
||||
memset(&hints, 0, sizeof(hints));
|
||||
hints.ai_family = AF_INET;
|
||||
|
@ -5,10 +5,11 @@ Index: src/lib/krb5/os/changepw.c
|
||||
===================================================================
|
||||
--- src/lib/krb5/os/changepw.c.orig
|
||||
+++ src/lib/krb5/os/changepw.c
|
||||
@@ -271,10 +271,22 @@ change_set_password(krb5_context context
|
||||
@@ -261,11 +261,22 @@ krb5_change_set_password(krb5_context co
|
||||
NULL,
|
||||
NULL
|
||||
))) {
|
||||
|
||||
-
|
||||
- /*
|
||||
- * Here we may want to switch to TCP on some errors.
|
||||
- * right?
|
||||
|
@ -2,7 +2,7 @@ Index: src/slave/kprop.c
|
||||
===================================================================
|
||||
--- src/slave/kprop.c.orig
|
||||
+++ src/slave/kprop.c
|
||||
@@ -206,6 +206,7 @@ void get_tickets(context)
|
||||
@@ -215,6 +215,7 @@ void get_tickets(context)
|
||||
krb5_error_code retval;
|
||||
static char tkstring[] = "/tmp/kproptktXXXXXX";
|
||||
krb5_keytab keytab = NULL;
|
||||
@ -10,7 +10,7 @@ Index: src/slave/kprop.c
|
||||
|
||||
/*
|
||||
* Figure out what tickets we'll be using to send stuff
|
||||
@@ -231,7 +232,15 @@ void get_tickets(context)
|
||||
@@ -240,7 +241,15 @@ void get_tickets(context)
|
||||
/*
|
||||
* Initialize cache file which we're going to be using
|
||||
*/
|
||||
|
27
krb5-1.7-MITKRB5-SA-2009-003.dif
Normal file
27
krb5-1.7-MITKRB5-SA-2009-003.dif
Normal file
@ -0,0 +1,27 @@
|
||||
Index: krb5-1.7/src/kdc/do_tgs_req.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/kdc/do_tgs_req.c
|
||||
+++ krb5-1.7/src/kdc/do_tgs_req.c
|
||||
@@ -1158,7 +1158,7 @@ prep_reprocess_req(krb5_kdc_req *request
|
||||
free(temp_buf);
|
||||
if (retval) {
|
||||
/* no match found */
|
||||
- kdc_err(kdc_context, retval, 0);
|
||||
+ kdc_err(kdc_context, retval, "unable to find realm of host");
|
||||
goto cleanup;
|
||||
}
|
||||
if (realms == 0) {
|
||||
Index: krb5-1.7/src/lib/kadm5/logger.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/kadm5/logger.c
|
||||
+++ krb5-1.7/src/lib/kadm5/logger.c
|
||||
@@ -188,6 +188,9 @@ klog_com_err_proc(const char *whoami, lo
|
||||
char *cp;
|
||||
char *syslogp;
|
||||
|
||||
+ if (whoami == NULL || format == NULL)
|
||||
+ return;
|
||||
+
|
||||
/* Make the header */
|
||||
snprintf(outbuf, sizeof(outbuf), "%s: ", whoami);
|
||||
/*
|
377
krb5-1.7-MITKRB5-SA-2009-004.dif
Normal file
377
krb5-1.7-MITKRB5-SA-2009-004.dif
Normal file
@ -0,0 +1,377 @@
|
||||
Index: krb5-1.7/src/lib/crypto/Makefile.in
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/Makefile.in
|
||||
+++ krb5-1.7/src/lib/crypto/Makefile.in
|
||||
@@ -18,6 +18,7 @@ EXTRADEPSRCS=\
|
||||
$(srcdir)/t_nfold.c \
|
||||
$(srcdir)/t_cf2.c \
|
||||
$(srcdir)/t_encrypt.c \
|
||||
+ $(srcdir)/t_short.c \
|
||||
$(srcdir)/t_prf.c \
|
||||
$(srcdir)/t_prng.c \
|
||||
$(srcdir)/t_hmac.c \
|
||||
@@ -206,7 +207,7 @@ libcrypto.lib:
|
||||
|
||||
clean-unix:: clean-liblinks clean-libs clean-libobjs
|
||||
|
||||
-check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2
|
||||
+check-unix:: t_nfold t_encrypt t_prf t_prng t_hmac t_pkcs5 t_cf2 t_short
|
||||
$(RUN_SETUP) $(VALGRIND) ./t_nfold
|
||||
$(RUN_SETUP) $(VALGRIND) ./t_encrypt
|
||||
$(RUN_SETUP) $(VALGRIND) ./t_prng <$(srcdir)/t_prng.seed >t_prng.output && \
|
||||
@@ -216,6 +217,7 @@ check-unix:: t_nfold t_encrypt t_prf t_p
|
||||
diff t_prf.output $(srcdir)/t_prf.expected
|
||||
$(RUN_SETUP) $(VALGRIND) ./t_cf2 <$(srcdir)/t_cf2.in >t_cf2.output
|
||||
diff t_cf2.output $(srcdir)/t_cf2.expected
|
||||
+ $(RUN_SETUP) $(VALGRIND) ./t_short
|
||||
|
||||
|
||||
# $(RUN_SETUP) $(VALGRIND) ./t_pkcs5
|
||||
@@ -249,10 +251,14 @@ t_cts$(EXEEXT): t_cts.$(OBJEXT) $(CRYPTO
|
||||
$(CC_LINK) -o $@ t_cts.$(OBJEXT) \
|
||||
$(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
|
||||
|
||||
+t_short$(EXEEXT): t_short.$(OBJEXT) $(CRYPTO_DEPLIB) $(SUPPORT_DEPLIB)
|
||||
+ $(CC_LINK) -o $@ t_short.$(OBJEXT) \
|
||||
+ $(K5CRYPTO_LIB) $(COM_ERR_LIB) $(SUPPORT_LIB)
|
||||
|
||||
clean::
|
||||
$(RM) t_nfold.o t_nfold t_encrypt t_encrypt.o t_prng.o t_prng \
|
||||
- t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o t_cf2 t_cf2.o
|
||||
+ t_hmac.o t_hmac t_pkcs5.o t_pkcs5 pbkdf2.o t_prf t_prf.o \
|
||||
+ t_cf2 t_cf2.o t_short t_short.o
|
||||
-$(RM) t_prng.output
|
||||
|
||||
all-windows::
|
||||
Index: krb5-1.7/src/lib/crypto/arcfour/arcfour.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/arcfour/arcfour.c
|
||||
+++ krb5-1.7/src/lib/crypto/arcfour/arcfour.c
|
||||
@@ -199,6 +199,12 @@ krb5_arcfour_decrypt(const struct krb5_e
|
||||
keylength = enc->keylength;
|
||||
hashsize = hash->hashsize;
|
||||
|
||||
+ /* Verify input and output lengths. */
|
||||
+ if (input->length < hashsize + CONFOUNDERLENGTH)
|
||||
+ return KRB5_BAD_MSIZE;
|
||||
+ if (output->length < input->length - hashsize - CONFOUNDERLENGTH)
|
||||
+ return KRB5_BAD_MSIZE;
|
||||
+
|
||||
d1.length=keybytes;
|
||||
d1.data=malloc(d1.length);
|
||||
if (d1.data == NULL)
|
||||
Index: krb5-1.7/src/lib/crypto/enc_provider/aes.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/enc_provider/aes.c
|
||||
+++ krb5-1.7/src/lib/crypto/enc_provider/aes.c
|
||||
@@ -105,9 +105,11 @@ krb5int_aes_encrypt(const krb5_keyblock
|
||||
nblocks = (input->length + BLOCK_SIZE - 1) / BLOCK_SIZE;
|
||||
|
||||
if (nblocks == 1) {
|
||||
- /* XXX Used for DK function. */
|
||||
+ /* Used when deriving keys. */
|
||||
+ if (input->length < BLOCK_SIZE)
|
||||
+ return KRB5_BAD_MSIZE;
|
||||
enc(output->data, input->data, &ctx);
|
||||
- } else {
|
||||
+ } else if (nblocks > 1) {
|
||||
unsigned int nleft;
|
||||
|
||||
for (blockno = 0; blockno < nblocks - 2; blockno++) {
|
||||
@@ -160,9 +162,9 @@ krb5int_aes_decrypt(const krb5_keyblock
|
||||
|
||||
if (nblocks == 1) {
|
||||
if (input->length < BLOCK_SIZE)
|
||||
- abort();
|
||||
+ return KRB5_BAD_MSIZE;
|
||||
dec(output->data, input->data, &ctx);
|
||||
- } else {
|
||||
+ } else if (nblocks > 1) {
|
||||
|
||||
for (blockno = 0; blockno < nblocks - 2; blockno++) {
|
||||
dec(tmp2, input->data + blockno * BLOCK_SIZE, &ctx);
|
||||
@@ -208,6 +210,7 @@ krb5int_aes_encrypt_iov(const krb5_keybl
|
||||
char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE];
|
||||
int nblocks = 0, blockno;
|
||||
size_t input_length, i;
|
||||
+ struct iov_block_state input_pos, output_pos;
|
||||
|
||||
if (aes_enc_key(key->contents, key->length, &ctx) != aes_good)
|
||||
abort();
|
||||
@@ -224,17 +227,19 @@ krb5int_aes_encrypt_iov(const krb5_keybl
|
||||
input_length += iov->data.length;
|
||||
}
|
||||
|
||||
- nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
|
||||
-
|
||||
- assert(nblocks > 1);
|
||||
+ IOV_BLOCK_STATE_INIT(&input_pos);
|
||||
+ IOV_BLOCK_STATE_INIT(&output_pos);
|
||||
|
||||
- {
|
||||
+ nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
|
||||
+ if (nblocks == 1) {
|
||||
+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE,
|
||||
+ data, num_data, &input_pos);
|
||||
+ enc(tmp2, tmp, &ctx);
|
||||
+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2,
|
||||
+ BLOCK_SIZE, &output_pos);
|
||||
+ } else if (nblocks > 1) {
|
||||
char blockN2[BLOCK_SIZE]; /* second last */
|
||||
char blockN1[BLOCK_SIZE]; /* last block */
|
||||
- struct iov_block_state input_pos, output_pos;
|
||||
-
|
||||
- IOV_BLOCK_STATE_INIT(&input_pos);
|
||||
- IOV_BLOCK_STATE_INIT(&output_pos);
|
||||
|
||||
for (blockno = 0; blockno < nblocks - 2; blockno++) {
|
||||
char blockN[BLOCK_SIZE];
|
||||
@@ -288,6 +293,7 @@ krb5int_aes_decrypt_iov(const krb5_keybl
|
||||
char tmp[BLOCK_SIZE], tmp2[BLOCK_SIZE], tmp3[BLOCK_SIZE];
|
||||
int nblocks = 0, blockno, i;
|
||||
size_t input_length;
|
||||
+ struct iov_block_state input_pos, output_pos;
|
||||
|
||||
CHECK_SIZES;
|
||||
|
||||
@@ -305,18 +311,19 @@ krb5int_aes_decrypt_iov(const krb5_keybl
|
||||
if (ENCRYPT_IOV(iov))
|
||||
input_length += iov->data.length;
|
||||
}
|
||||
+ IOV_BLOCK_STATE_INIT(&input_pos);
|
||||
+ IOV_BLOCK_STATE_INIT(&output_pos);
|
||||
|
||||
nblocks = (input_length + BLOCK_SIZE - 1) / BLOCK_SIZE;
|
||||
-
|
||||
- assert(nblocks > 1);
|
||||
-
|
||||
- {
|
||||
+ if (nblocks == 1) {
|
||||
+ krb5int_c_iov_get_block((unsigned char *)tmp, BLOCK_SIZE,
|
||||
+ data, num_data, &input_pos);
|
||||
+ dec(tmp2, tmp, &ctx);
|
||||
+ krb5int_c_iov_put_block(data, num_data, (unsigned char *)tmp2,
|
||||
+ BLOCK_SIZE, &output_pos);
|
||||
+ } else if (nblocks > 1) {
|
||||
char blockN2[BLOCK_SIZE]; /* second last */
|
||||
char blockN1[BLOCK_SIZE]; /* last block */
|
||||
- struct iov_block_state input_pos, output_pos;
|
||||
-
|
||||
- IOV_BLOCK_STATE_INIT(&input_pos);
|
||||
- IOV_BLOCK_STATE_INIT(&output_pos);
|
||||
|
||||
for (blockno = 0; blockno < nblocks - 2; blockno++) {
|
||||
char blockN[BLOCK_SIZE];
|
||||
Index: krb5-1.7/src/lib/crypto/old/old_decrypt.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/old/old_decrypt.c
|
||||
+++ krb5-1.7/src/lib/crypto/old/old_decrypt.c
|
||||
@@ -45,8 +45,10 @@ krb5_old_decrypt(const struct krb5_enc_p
|
||||
blocksize = enc->block_size;
|
||||
hashsize = hash->hashsize;
|
||||
|
||||
+ /* Verify input and output lengths. */
|
||||
+ if (input->length < blocksize + hashsize || input->length % blocksize != 0)
|
||||
+ return(KRB5_BAD_MSIZE);
|
||||
plainsize = input->length - blocksize - hashsize;
|
||||
-
|
||||
if (arg_output->length < plainsize)
|
||||
return(KRB5_BAD_MSIZE);
|
||||
|
||||
Index: krb5-1.7/src/lib/crypto/raw/raw_decrypt.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/raw/raw_decrypt.c
|
||||
+++ krb5-1.7/src/lib/crypto/raw/raw_decrypt.c
|
||||
@@ -34,5 +34,7 @@ krb5_raw_decrypt(const struct krb5_enc_p
|
||||
const krb5_data *ivec, const krb5_data *input,
|
||||
krb5_data *output)
|
||||
{
|
||||
- return((*(enc->decrypt))(key, ivec, input, output));
|
||||
+ if (output->length < input->length)
|
||||
+ return KRB5_BAD_MSIZE;
|
||||
+ return((*(enc->decrypt))(key, ivec, input, output));
|
||||
}
|
||||
Index: krb5-1.7/src/lib/crypto/t_short.c
|
||||
===================================================================
|
||||
--- /dev/null
|
||||
+++ krb5-1.7/src/lib/crypto/t_short.c
|
||||
@@ -0,0 +1,128 @@
|
||||
+/* -*- mode: c; c-basic-offset: 4; indent-tabs-mode: nil -*- */
|
||||
+/*
|
||||
+ * lib/crypto/crypto_tests/t_short.c
|
||||
+ *
|
||||
+ * Copyright (C) 2009 by the Massachusetts Institute of Technology.
|
||||
+ * All rights reserved.
|
||||
+ *
|
||||
+ * Export of this software from the United States of America may
|
||||
+ * require a specific license from the United States Government.
|
||||
+ * It is the responsibility of any person or organization contemplating
|
||||
+ * export to obtain such a license before exporting.
|
||||
+ *
|
||||
+ * WITHIN THAT CONSTRAINT, permission to use, copy, modify, and
|
||||
+ * distribute this software and its documentation for any purpose and
|
||||
+ * without fee is hereby granted, provided that the above copyright
|
||||
+ * notice appear in all copies and that both that copyright notice and
|
||||
+ * this permission notice appear in supporting documentation, and that
|
||||
+ * the name of M.I.T. not be used in advertising or publicity pertaining
|
||||
+ * to distribution of the software without specific, written prior
|
||||
+ * permission. Furthermore if you modify this software you must label
|
||||
+ * your software as modified software and not distribute it in such a
|
||||
+ * fashion that it might be confused with the original M.I.T. software.
|
||||
+ * M.I.T. makes no representations about the suitability of
|
||||
+ * this software for any purpose. It is provided "as is" without express
|
||||
+ * or implied warranty.
|
||||
+ *
|
||||
+ * Tests the outcome of decrypting overly short tokens. This program can be
|
||||
+ * run under a tool like valgrind to detect bad memory accesses; when run
|
||||
+ * normally by the test suite, it verifies that each operation returns
|
||||
+ * KRB5_BAD_MSIZE.
|
||||
+ */
|
||||
+
|
||||
+#include "k5-int.h"
|
||||
+
|
||||
+
|
||||
+krb5_enctype interesting_enctypes[] = {
|
||||
+ ENCTYPE_DES_CBC_CRC,
|
||||
+ ENCTYPE_DES_CBC_MD4,
|
||||
+ ENCTYPE_DES_CBC_MD5,
|
||||
+ ENCTYPE_DES3_CBC_SHA1,
|
||||
+ ENCTYPE_ARCFOUR_HMAC,
|
||||
+ ENCTYPE_ARCFOUR_HMAC_EXP,
|
||||
+ ENCTYPE_AES256_CTS_HMAC_SHA1_96,
|
||||
+ ENCTYPE_AES128_CTS_HMAC_SHA1_96,
|
||||
+ 0
|
||||
+};
|
||||
+
|
||||
+/* Abort if an operation unexpectedly fails. */
|
||||
+static void
|
||||
+x(krb5_error_code code)
|
||||
+{
|
||||
+ if (code != 0)
|
||||
+ abort();
|
||||
+}
|
||||
+
|
||||
+/* Abort if a decrypt operation doesn't have the expected result. */
|
||||
+static void
|
||||
+check_decrypt_result(krb5_error_code code, size_t len, size_t min_len)
|
||||
+{
|
||||
+ if (len < min_len) {
|
||||
+ /* Undersized tokens should always result in BAD_MSIZE. */
|
||||
+ if (code != KRB5_BAD_MSIZE)
|
||||
+ abort();
|
||||
+ } else {
|
||||
+ /* Min-size tokens should succeed or fail the integrity check. */
|
||||
+ if (code != 0 && code != KRB5KRB_AP_ERR_BAD_INTEGRITY)
|
||||
+ abort();
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+static void
|
||||
+test_enctype(krb5_enctype enctype)
|
||||
+{
|
||||
+ krb5_error_code ret;
|
||||
+ krb5_keyblock keyblock;
|
||||
+ krb5_enc_data input;
|
||||
+ krb5_data output;
|
||||
+ krb5_crypto_iov iov[2];
|
||||
+ unsigned int dummy;
|
||||
+ size_t min_len, len;
|
||||
+
|
||||
+ printf("Testing enctype %d\n", (int) enctype);
|
||||
+ x(krb5_c_encrypt_length(NULL, enctype, 0, &min_len));
|
||||
+ x(krb5_c_make_random_key(NULL, enctype, &keyblock));
|
||||
+ input.enctype = enctype;
|
||||
+
|
||||
+ /* Try each length up to the minimum length. */
|
||||
+ for (len = 0; len <= min_len; len++) {
|
||||
+ input.ciphertext.data = calloc(len, 1);
|
||||
+ input.ciphertext.length = len;
|
||||
+ output.data = calloc(len, 1);
|
||||
+ output.length = len;
|
||||
+
|
||||
+ /* Attempt a normal decryption. */
|
||||
+ ret = krb5_c_decrypt(NULL, &keyblock, 0, NULL, &input, &output);
|
||||
+ check_decrypt_result(ret, len, min_len);
|
||||
+
|
||||
+ if (krb5_c_crypto_length(NULL, enctype, KRB5_CRYPTO_TYPE_HEADER,
|
||||
+ &dummy) == 0) {
|
||||
+ /* Attempt an IOV stream decryption. */
|
||||
+ iov[0].flags = KRB5_CRYPTO_TYPE_STREAM;
|
||||
+ iov[0].data = input.ciphertext;
|
||||
+ iov[1].flags = KRB5_CRYPTO_TYPE_DATA;
|
||||
+ iov[1].data.data = NULL;
|
||||
+ iov[1].data.length = 0;
|
||||
+ ret = krb5_c_decrypt_iov(NULL, &keyblock, 0, NULL, iov, 2);
|
||||
+ check_decrypt_result(ret, len, min_len);
|
||||
+ }
|
||||
+
|
||||
+ free(input.ciphertext.data);
|
||||
+ free(output.data);
|
||||
+ }
|
||||
+}
|
||||
+
|
||||
+int
|
||||
+main(int argc, char **argv)
|
||||
+{
|
||||
+ int i;
|
||||
+ krb5_data notrandom;
|
||||
+
|
||||
+ notrandom.data = "notrandom";
|
||||
+ notrandom.length = 9;
|
||||
+ krb5_c_random_seed(NULL, ¬random);
|
||||
+ for (i = 0; interesting_enctypes[i]; i++)
|
||||
+ test_enctype(interesting_enctypes[i]);
|
||||
+ return 0;
|
||||
+}
|
||||
+
|
||||
Index: krb5-1.7/src/lib/crypto/deps
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/deps
|
||||
+++ krb5-1.7/src/lib/crypto/deps
|
||||
@@ -463,6 +463,16 @@ t_encrypt.so t_encrypt.po $(OUTPRE)t_enc
|
||||
$(SRCTOP)/include/krb5.h $(SRCTOP)/include/krb5/locate_plugin.h \
|
||||
$(SRCTOP)/include/krb5/preauth_plugin.h $(SRCTOP)/include/port-sockets.h \
|
||||
$(SRCTOP)/include/socket-utils.h etypes.h t_encrypt.c
|
||||
+t_short.so t_short.po $(OUTPRE)t_short.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
|
||||
+ $(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
|
||||
+ $(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
|
||||
+ $(SRCTOP)/include/k5-err.h $(SRCTOP)/include/k5-gmt_mktime.h \
|
||||
+ $(SRCTOP)/include/k5-int-pkinit.h $(SRCTOP)/include/k5-int.h \
|
||||
+ $(SRCTOP)/include/k5-platform.h $(SRCTOP)/include/k5-plugin.h \
|
||||
+ $(SRCTOP)/include/k5-thread.h $(SRCTOP)/include/krb5.h \
|
||||
+ $(SRCTOP)/include/krb5/locate_plugin.h $(SRCTOP)/include/krb5/preauth_plugin.h \
|
||||
+ $(SRCTOP)/include/port-sockets.h $(SRCTOP)/include/socket-utils.h \
|
||||
+ t_short.c
|
||||
t_prf.so t_prf.po $(OUTPRE)t_prf.$(OBJEXT): $(BUILDTOP)/include/autoconf.h \
|
||||
$(BUILDTOP)/include/krb5/krb5.h $(BUILDTOP)/include/osconf.h \
|
||||
$(BUILDTOP)/include/profile.h $(COM_ERR_DEPS) $(SRCTOP)/include/k5-buf.h \
|
||||
Index: krb5-1.7/src/lib/crypto/dk/dk_aead.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/dk/dk_aead.c
|
||||
+++ krb5-1.7/src/lib/crypto/dk/dk_aead.c
|
||||
@@ -248,7 +248,7 @@ krb5int_dk_decrypt_iov(const struct krb5
|
||||
for (i = 0; i < num_data; i++) {
|
||||
const krb5_crypto_iov *iov = &data[i];
|
||||
|
||||
- if (ENCRYPT_DATA_IOV(iov))
|
||||
+ if (ENCRYPT_IOV(iov))
|
||||
cipherlen += iov->data.length;
|
||||
}
|
||||
|
||||
Index: krb5-1.7/src/lib/crypto/dk/dk_decrypt.c
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/lib/crypto/dk/dk_decrypt.c
|
||||
+++ krb5-1.7/src/lib/crypto/dk/dk_decrypt.c
|
||||
@@ -89,6 +89,12 @@ krb5_dk_decrypt_maybe_trunc_hmac(const s
|
||||
else if (hmacsize > hashsize)
|
||||
return KRB5KRB_AP_ERR_BAD_INTEGRITY;
|
||||
|
||||
+ /* Verify input and output lengths. */
|
||||
+ if (input->length < blocksize + hmacsize)
|
||||
+ return KRB5_BAD_MSIZE;
|
||||
+ if (output->length < input->length - blocksize - hmacsize)
|
||||
+ return KRB5_BAD_MSIZE;
|
||||
+
|
||||
enclen = input->length - hmacsize;
|
||||
|
||||
if ((kedata = (unsigned char *) malloc(keylength)) == NULL)
|
@ -1,9 +1,43 @@
|
||||
|
||||
|
||||
Index: krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
|
||||
Index: krb5-1.7/src/appl/bsd/klogind.M
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/appl/sample/sserver/sserver.M
|
||||
+++ krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
|
||||
--- krb5-1.7.orig/src/appl/bsd/klogind.M
|
||||
+++ krb5-1.7/src/appl/bsd/klogind.M
|
||||
@@ -27,7 +27,7 @@ server is invoked by \fIinetd(8)\fP when
|
||||
the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
|
||||
configuration line for \fIklogind\fP might be:
|
||||
|
||||
-klogin stream tcp nowait root /usr/cygnus/sbin/klogind klogind -e5c
|
||||
+klogin stream tcp nowait root @mansbindir@/klogind klogind -e5c
|
||||
|
||||
When a service request is received, the following protocol is initiated:
|
||||
|
||||
Index: krb5-1.7/src/appl/bsd/kshd.M
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/appl/bsd/kshd.M
|
||||
+++ krb5-1.7/src/appl/bsd/kshd.M
|
||||
@@ -8,7 +8,7 @@
|
||||
.SH NAME
|
||||
kshd \- kerberized remote shell server
|
||||
.SH SYNOPSIS
|
||||
-.B /usr/local/sbin/kshd
|
||||
+.B @mansbindir@/kshd
|
||||
[
|
||||
.B \-kr45ec
|
||||
]
|
||||
@@ -30,7 +30,7 @@ server is invoked by \fIinetd(8c)\fP whe
|
||||
on the port indicated in /etc/inetd.conf. A typical /etc/inetd.conf
|
||||
configuration line for \fIkrshd\fP might be:
|
||||
|
||||
-kshell stream tcp nowait root /usr/local/sbin/kshd kshd -5c
|
||||
+kshell stream tcp nowait root @mansbindir@/kshd kshd -5c
|
||||
|
||||
When a service request is received, the following protocol is initiated:
|
||||
|
||||
Index: krb5-1.7/src/appl/sample/sserver/sserver.M
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/appl/sample/sserver/sserver.M
|
||||
+++ krb5-1.7/src/appl/sample/sserver/sserver.M
|
||||
@@ -59,7 +59,7 @@ option allows for a different keytab tha
|
||||
using a line in
|
||||
/etc/inetd.conf that looks like this:
|
||||
@ -13,10 +47,23 @@ Index: krb5-1.8-alpha1/src/appl/sample/sserver/sserver.M
|
||||
.PP
|
||||
Since \fBsample\fP is normally not a port defined in /etc/services, you will
|
||||
usually have to add a line to /etc/services which looks like this:
|
||||
Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M
|
||||
Index: krb5-1.7/src/appl/telnet/telnetd/telnetd.8
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/config-files/kdc.conf.M
|
||||
+++ krb5-1.8-alpha1/src/config-files/kdc.conf.M
|
||||
--- krb5-1.7.orig/src/appl/telnet/telnetd/telnetd.8
|
||||
+++ krb5-1.7/src/appl/telnet/telnetd/telnetd.8
|
||||
@@ -37,7 +37,7 @@ telnetd \-
|
||||
.SM DARPA TELNET
|
||||
protocol server
|
||||
.SH SYNOPSIS
|
||||
-.B /usr/libexec/telnetd
|
||||
+.B @manlibexecdir@/telnetd
|
||||
[\fB\-a\fP \fIauthmode\fP] [\fB\-B\fP] [\fB\-D\fP] [\fIdebugmode\fP]
|
||||
[\fB\-e\fP] [\fB\-h\fP] [\fB\-I\fP\fIinitid\fP] [\fB\-l\fP]
|
||||
[\fB\-k\fP] [\fB\-n\fP] [\fB\-r\fP\fIlowpty-highpty\fP] [\fB\-s\fP]
|
||||
Index: krb5-1.7/src/config-files/kdc.conf.M
|
||||
===================================================================
|
||||
--- krb5-1.7.orig/src/config-files/kdc.conf.M
|
||||
+++ krb5-1.7/src/config-files/kdc.conf.M
|
||||
@@ -82,14 +82,14 @@ This
|
||||
.B string
|
||||
specifies the location of the access control list (acl) file that
|
||||
@ -34,7 +81,7 @@ Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M
|
||||
|
||||
.IP database_name
|
||||
This
|
||||
@@ -254,7 +254,7 @@ tickets should be checked against the tr
|
||||
@@ -257,7 +257,7 @@ tickets should be checked against the tr
|
||||
realm names and the [capaths] section of its krb5.conf file
|
||||
|
||||
.SH FILES
|
||||
@ -43,12 +90,12 @@ Index: krb5-1.8-alpha1/src/config-files/kdc.conf.M
|
||||
|
||||
.SH SEE ALSO
|
||||
krb5.conf(5), krb5kdc(8)
|
||||
Index: krb5-1.8-alpha1/src/configure.in
|
||||
Index: krb5-1.7/src/configure.in
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/configure.in
|
||||
+++ krb5-1.8-alpha1/src/configure.in
|
||||
@@ -1052,6 +1052,58 @@ if test "$ac_cv_lib_socket" = "yes" -a "
|
||||
fi
|
||||
--- krb5-1.7.orig/src/configure.in
|
||||
+++ krb5-1.7/src/configure.in
|
||||
@@ -1041,6 +1041,69 @@ dnl
|
||||
AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet)
|
||||
|
||||
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
||||
+
|
||||
@ -71,8 +118,18 @@ Index: krb5-1.8-alpha1/src/configure.in
|
||||
+AC_SUBST(manlocalstatedir)
|
||||
+AC_SUBST(manlibexecdir)
|
||||
+AC_OUTPUT([
|
||||
+ appl/bsd/klogind.M
|
||||
+ appl/bsd/kshd.M
|
||||
+ appl/bsd/login.M
|
||||
+ appl/bsd/rcp.M
|
||||
+ appl/bsd/rlogin.M
|
||||
+ appl/bsd/rsh.M
|
||||
+ appl/gssftp/ftpd/ftpd.M
|
||||
+ appl/gssftp/ftp/ftp.M
|
||||
+ appl/sample/sclient/sclient.M
|
||||
+ appl/sample/sserver/sserver.M
|
||||
+ appl/telnet/telnetd/telnetd.8
|
||||
+ appl/telnet/telnet/telnet.1
|
||||
+ clients/kcpytkt/kcpytkt.M
|
||||
+ clients/kdeltkt/kdeltkt.M
|
||||
+ clients/kdestroy/kdestroy.M
|
||||
@ -90,6 +147,7 @@ Index: krb5-1.8-alpha1/src/configure.in
|
||||
+ kadmin/cli/kadmin.M
|
||||
+ kadmin/dbutil/kdb5_util.M
|
||||
+ kadmin/ktutil/ktutil.M
|
||||
+ kadmin/passwd/kpasswd.M
|
||||
+ kadmin/server/kadmind.M
|
||||
+ kdc/krb5kdc.M
|
||||
+ krb5-config.M
|
||||
@ -106,11 +164,11 @@ Index: krb5-1.8-alpha1/src/configure.in
|
||||
V5_AC_OUTPUT_MAKEFILE(.
|
||||
|
||||
util util/support util/profile util/send-pr
|
||||
Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
|
||||
Index: krb5-1.7/src/kadmin/cli/kadmin.M
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/kadmin/cli/kadmin.M
|
||||
+++ krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
|
||||
@@ -869,9 +869,9 @@ option is specified, less verbose status
|
||||
--- krb5-1.7.orig/src/kadmin/cli/kadmin.M
|
||||
+++ krb5-1.7/src/kadmin/cli/kadmin.M
|
||||
@@ -850,9 +850,9 @@ option is specified, less verbose status
|
||||
.RS
|
||||
.TP
|
||||
EXAMPLE:
|
||||
@ -122,7 +180,7 @@ Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
|
||||
kadmin:
|
||||
.RE
|
||||
.fi
|
||||
@@ -913,7 +913,7 @@ passwords.
|
||||
@@ -894,7 +894,7 @@ passwords.
|
||||
.SH HISTORY
|
||||
The
|
||||
.B kadmin
|
||||
@ -131,10 +189,10 @@ Index: krb5-1.8-alpha1/src/kadmin/cli/kadmin.M
|
||||
OpenVision Kerberos administration program.
|
||||
.SH SEE ALSO
|
||||
.IR kerberos (1),
|
||||
Index: krb5-1.8-alpha1/src/slave/kprop.M
|
||||
Index: krb5-1.7/src/slave/kprop.M
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/slave/kprop.M
|
||||
+++ krb5-1.8-alpha1/src/slave/kprop.M
|
||||
--- krb5-1.7.orig/src/slave/kprop.M
|
||||
+++ krb5-1.7/src/slave/kprop.M
|
||||
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
|
||||
This is done by transmitting the dumped database file to the slave
|
||||
server over an encrypted, secure channel. The dump file must be created
|
||||
@ -153,10 +211,10 @@ Index: krb5-1.8-alpha1/src/slave/kprop.M
|
||||
.TP
|
||||
\fB\-P\fP \fIport\fP
|
||||
specifies the port to use to contact the
|
||||
Index: krb5-1.8-alpha1/src/slave/kpropd.M
|
||||
Index: krb5-1.7/src/slave/kpropd.M
|
||||
===================================================================
|
||||
--- krb5-1.8-alpha1.orig/src/slave/kpropd.M
|
||||
+++ krb5-1.8-alpha1/src/slave/kpropd.M
|
||||
--- krb5-1.7.orig/src/slave/kpropd.M
|
||||
+++ krb5-1.7/src/slave/kpropd.M
|
||||
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
|
||||
This is done by adding a line to the inetd.conf file which looks like
|
||||
this:
|
||||
@ -164,7 +222,7 @@ Index: krb5-1.8-alpha1/src/slave/kpropd.M
|
||||
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
||||
+kprop stream tcp nowait root @mansbindir@/kpropd kpropd
|
||||
|
||||
However, kpropd can also run as a standalone daemon, if the
|
||||
However, kpropd can also run as a standalone deamon, if the
|
||||
.B \-S
|
||||
@@ -111,13 +111,13 @@ is used.
|
||||
\fB\-f\fP \fIfile\fP
|
||||
|
@ -1,5 +1,15 @@
|
||||
appl/bsd/klogind.M
|
||||
appl/bsd/kshd.M
|
||||
appl/bsd/login.M
|
||||
appl/bsd/rcp.M
|
||||
appl/bsd/rlogin.M
|
||||
appl/bsd/rsh.M
|
||||
appl/gssftp/ftpd/ftpd.M
|
||||
appl/gssftp/ftp/ftp.M
|
||||
appl/sample/sclient/sclient.M
|
||||
appl/sample/sserver/sserver.M
|
||||
appl/telnet/telnetd/telnetd.8
|
||||
appl/telnet/telnet/telnet.1
|
||||
clients/kcpytkt/kcpytkt.M
|
||||
clients/kdeltkt/kdeltkt.M
|
||||
clients/kdestroy/kdestroy.M
|
||||
@ -17,6 +27,7 @@ kadmin/cli/kadmin.local.M
|
||||
kadmin/cli/kadmin.M
|
||||
kadmin/dbutil/kdb5_util.M
|
||||
kadmin/ktutil/ktutil.M
|
||||
kadmin/passwd/kpasswd.M
|
||||
kadmin/server/kadmind.M
|
||||
kdc/krb5kdc.M
|
||||
krb5-config.M
|
||||
|
3
krb5-1.7.tar.bz2
Normal file
3
krb5-1.7.tar.bz2
Normal file
@ -0,0 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:2043f38c46a9721cfab28f0fdf876af17d542cab458a87d0324783189e9570cd
|
||||
size 10407001
|
@ -1,3 +0,0 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:10890ef19905e36e99d82cbe7caa6e8b0875b2a304f9a9e2d05137c87aff8212
|
||||
size 9958816
|
@ -1,8 +1,3 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 4 11:45:22 CET 2010 - mc@suse.de
|
||||
|
||||
- update to version 1.8
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Wed Jun 3 10:47:07 CEST 2009 - mc@suse.de
|
||||
|
||||
|
@ -1,7 +1,6 @@
|
||||
#
|
||||
# spec file for package krb5-doc (Version 1.8)
|
||||
# spec file for package krb5-doc (Version 1.7)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@ -21,14 +20,15 @@
|
||||
|
||||
Name: krb5-doc
|
||||
BuildRequires: ghostscript-library latex2html texlive
|
||||
Version: 1.8
|
||||
Release: 6
|
||||
%define srcRoot krb5-1.8
|
||||
Version: 1.7
|
||||
Release: 7
|
||||
%define srcRoot krb5-1.7
|
||||
Summary: MIT Kerberos5 Implementation--Documentation
|
||||
License: MIT License (or similar)
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
Group: Documentation/Other
|
||||
Source: krb5-1.8.tar.bz2
|
||||
Source: krb5-%{version}.tar.bz2
|
||||
Source1: README.Source
|
||||
Source3: %{name}-%{version}-rpmlintrc
|
||||
Patch0: krb5-1.3.5-perlfix.dif
|
||||
Patch1: krb5-1.6.3-texi2dvi-fix.dif
|
||||
|
@ -1,28 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
||||
Thu Jan 7 11:45:14 CET 2010 - mc@suse.de
|
||||
|
||||
- update to version 1.8
|
||||
* Increase code quality
|
||||
* Move toward improved KDB interface
|
||||
* Investigate and remedy repeatedly-reported performance
|
||||
bottlenecks.
|
||||
* Reduce DNS dependence by implementing an interface that allows
|
||||
client library to track whether a KDC supports service
|
||||
principal referrals.
|
||||
* Disable DES by default
|
||||
* Account lockout for repeated login failures
|
||||
* Bridge layer to allow Heimdal HDB modules to act as KDB
|
||||
backend modules
|
||||
* FAST enhancements
|
||||
* Microsoft Services for User (S4U) compatibility
|
||||
* Anonymous PKINIT
|
||||
- fix KDC denial of service
|
||||
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
|
||||
- fix KDC denial of service in cross-realm referral processing
|
||||
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
|
||||
- fix integer underflow in AES and RC4 decryption
|
||||
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
|
||||
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
|
||||
|
||||
- add baselibs.conf as a source
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 13 16:51:37 CET 2009 - mc@suse.de
|
||||
|
170
krb5-mini.spec
170
krb5-mini.spec
@ -1,7 +1,6 @@
|
||||
#
|
||||
# spec file for package krb5 (Version 1.8)
|
||||
# spec file for package krb5-mini (Version 1.7)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@ -19,7 +18,7 @@
|
||||
# norootforbuild
|
||||
|
||||
%define build_mini 1
|
||||
%define srcRoot krb5-1.8
|
||||
%define srcRoot krb5-1.7
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
%define krb5docdir %{_defaultdocdir}/krb5
|
||||
|
||||
@ -28,8 +27,8 @@ License: MIT License (or similar)
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
BuildRequires: bison libcom_err-devel ncurses-devel
|
||||
BuildRequires: keyutils keyutils-devel
|
||||
Version: 1.8
|
||||
Release: 6
|
||||
Version: 1.7
|
||||
Release: 7
|
||||
%if ! 0%{?build_mini}
|
||||
BuildRequires: libopenssl-devel openldap2-devel
|
||||
# bug437293
|
||||
@ -43,18 +42,25 @@ Group: Productivity/Networking/Security
|
||||
Summary: MIT Kerberos5 Implementation--Libraries
|
||||
Group: Productivity/Networking/Security
|
||||
%endif
|
||||
Source: krb5-1.8.tar.bz2
|
||||
Source: krb5-1.7.tar.bz2
|
||||
Source1: vendor-files.tar.bz2
|
||||
Source2: README.Source
|
||||
Source3: spx.c
|
||||
Source4: baselibs.conf
|
||||
Source5: krb5-%{version}-rpmlintrc
|
||||
Source10: krb5-1.7-manpaths.txt
|
||||
Patch2: krb5-1.6.1-compile_pie.dif
|
||||
Patch20: krb5-1.6.3-kprop-use-mkstemp.dif
|
||||
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
|
||||
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
|
||||
Patch30: krb5-1.7-manpaths.dif
|
||||
Patch32: krb5-1.4.3-enospc.dif
|
||||
Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||
Patch41: krb5-1.6.3-kpasswd_tcp.patch
|
||||
Patch44: krb5-1.6.3-ktutil-manpage.dif
|
||||
Patch46: krb5-1.6.3-fix-ipv6-query.dif
|
||||
Patch47: krb5-1.7-MITKRB5-SA-2009-003.dif
|
||||
Patch48: krb5-1.7-MITKRB5-SA-2009-004.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: mktemp, grep, /bin/touch, coreutils
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
@ -111,6 +117,46 @@ and more.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%package apps-servers
|
||||
License: MIT License (or similar)
|
||||
Summary: MIT Kerberos5 server applications
|
||||
Group: Productivity/Networking/Security
|
||||
|
||||
%description apps-servers
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of cleartext passwords. This package includes some kerberos
|
||||
compatible server applications like ftpd, klogind, telnetd, ...
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%package apps-clients
|
||||
License: MIT License (or similar)
|
||||
Summary: MIT Kerberos5 client applications
|
||||
Group: Productivity/Networking/Security
|
||||
|
||||
%description apps-clients
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of cleartext passwords. This package includes some kerberos
|
||||
compatible client applications like ftp, rpc, rlogin, telnet, ...
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
@ -194,14 +240,25 @@ Authors:
|
||||
%prep
|
||||
%setup -q -n %{srcRoot}
|
||||
%setup -a 1 -T -D -n %{srcRoot}
|
||||
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
|
||||
then
|
||||
echo "spx.c contains potential legal risks."
|
||||
exit 1;
|
||||
else
|
||||
cp %{SOURCE3} %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
|
||||
fi
|
||||
%patch2
|
||||
%patch20
|
||||
%patch21
|
||||
%patch22
|
||||
%patch30 -p1
|
||||
%patch32 -p1
|
||||
%patch34 -p1
|
||||
%patch41
|
||||
%patch44 -p1
|
||||
%patch46 -p1
|
||||
%patch47 -p1
|
||||
%patch48 -p1
|
||||
# Rename the man pages so that they'll get generated correctly.
|
||||
pushd src
|
||||
cat %{SOURCE10} | while read manpage ; do
|
||||
@ -262,6 +319,12 @@ install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.c
|
||||
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
|
||||
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
|
||||
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
|
||||
for n in ftpd.8 telnetd.8; do
|
||||
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
|
||||
done
|
||||
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
|
||||
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
|
||||
done
|
||||
# all libs must have permissions 0755
|
||||
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
|
||||
do
|
||||
@ -274,6 +337,12 @@ mkdir -p %{buildroot}%{_sysconfdir}/init.d
|
||||
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
|
||||
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
|
||||
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
|
||||
# install xinetd files
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
|
||||
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
|
||||
install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
|
||||
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
|
||||
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
|
||||
# install logrotate files
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
||||
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
|
||||
@ -352,9 +421,7 @@ rm -rf %{buildroot}
|
||||
%dir /usr/lib/mit/sbin
|
||||
%{_libdir}/libgssrpc.so
|
||||
%{_libdir}/libk5crypto.so
|
||||
%{_libdir}/libkadm5clnt_mit.so
|
||||
%{_libdir}/libkadm5clnt.so
|
||||
%{_libdir}/libkadm5srv_mit.so
|
||||
%{_libdir}/libkadm5srv.so
|
||||
%{_libdir}/libkdb5.so
|
||||
%{_libdir}/libkrb5.so
|
||||
@ -388,13 +455,17 @@ rm -rf %{buildroot}
|
||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
|
||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
|
||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
|
||||
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
|
||||
%{_sysconfdir}/init.d/*
|
||||
%{_libdir}/libgssapi_krb5.*
|
||||
%{_libdir}/libgssrpc.so.*
|
||||
%{_libdir}/libk5crypto.so.*
|
||||
%{_libdir}/libkadm5clnt_mit.so.*
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
%{_libdir}/libkadm5clnt.so.*
|
||||
%{_libdir}/libkadm5srv.so.*
|
||||
%{_libdir}/libkdb5.so.*
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
@ -408,10 +479,15 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/sbin/kprop
|
||||
/usr/lib/mit/sbin/kdb5_util
|
||||
/usr/lib/mit/sbin/krb5kdc
|
||||
/usr/lib/mit/sbin/ftpd
|
||||
/usr/lib/mit/sbin/klogind
|
||||
/usr/lib/mit/sbin/kshd
|
||||
/usr/lib/mit/sbin/telnetd
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
/usr/lib/mit/sbin/sserver
|
||||
/usr/lib/mit/sbin/gss-server
|
||||
/usr/lib/mit/sbin/sim_server
|
||||
/usr/lib/mit/sbin/login.krb5
|
||||
/usr/lib/mit/bin/k5srvutil
|
||||
/usr/lib/mit/bin/kvno
|
||||
/usr/lib/mit/bin/kinit
|
||||
@ -421,10 +497,16 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/bin/kadmin
|
||||
/usr/lib/mit/bin/ktutil
|
||||
%attr(0755,root,root) /usr/lib/mit/bin/ksu
|
||||
/usr/lib/mit/bin/rcp
|
||||
/usr/lib/mit/bin/rsh
|
||||
/usr/lib/mit/bin/telnet
|
||||
/usr/lib/mit/bin/uuclient
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/sim_client
|
||||
/usr/lib/mit/bin/ftp
|
||||
/usr/lib/mit/bin/rlogin
|
||||
#/usr/lib/mit/bin/*
|
||||
/usr/bin/kinit
|
||||
/usr/bin/klist
|
||||
/usr/bin/rc*
|
||||
@ -435,7 +517,12 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/kpasswd.1*
|
||||
%{_mandir}/man1/klist.1*
|
||||
%{_mandir}/man1/kerberos.1*
|
||||
%{_mandir}/man1/kftp.1*
|
||||
%{_mandir}/man1/krlogin.1*
|
||||
%{_mandir}/man1/krsh.1*
|
||||
%{_mandir}/man1/ktelnet.1*
|
||||
%{_mandir}/man1/ksu.1*
|
||||
%{_mandir}/man1/krcp.1*
|
||||
%{_mandir}/man1/sclient.1*
|
||||
%{_mandir}/man1/kadmin.1*
|
||||
%{_mandir}/man1/ktutil.1*
|
||||
@ -462,8 +549,8 @@ rm -rf %{buildroot}
|
||||
%{_libdir}/libgssapi_krb5.*
|
||||
%{_libdir}/libgssrpc.so.*
|
||||
%{_libdir}/libk5crypto.so.*
|
||||
%{_libdir}/libkadm5clnt_mit.so.*
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
%{_libdir}/libkadm5clnt.so.*
|
||||
%{_libdir}/libkadm5srv.so.*
|
||||
%{_libdir}/libkdb5.so.*
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
@ -495,10 +582,6 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/sbin/kprop
|
||||
/usr/lib/mit/sbin/kdb5_util
|
||||
/usr/lib/mit/sbin/krb5kdc
|
||||
/usr/lib/mit/sbin/gss-server
|
||||
/usr/lib/mit/sbin/sim_server
|
||||
/usr/lib/mit/sbin/sserver
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
%{_libdir}/krb5/plugins/kdb/db2.so
|
||||
%{_mandir}/man5/kdc.conf.5*
|
||||
%{_mandir}/man8/kadmind.8*
|
||||
@ -508,7 +591,6 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man8/kproplog.8.gz
|
||||
%{_mandir}/man8/kdb5_util.8*
|
||||
%{_mandir}/man8/krb5kdc.8*
|
||||
%{_mandir}/man8/sserver.8*
|
||||
|
||||
%files client
|
||||
%defattr(-,root,root)
|
||||
@ -523,11 +605,6 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/bin/kadmin
|
||||
/usr/lib/mit/bin/ktutil
|
||||
/usr/lib/mit/bin/k5srvutil
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/ksu
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/sim_client
|
||||
/usr/lib/mit/bin/uuclient
|
||||
/usr/bin/kinit
|
||||
/usr/bin/klist
|
||||
%{_mandir}/man1/kvno.1*
|
||||
@ -541,8 +618,53 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/k5srvutil.1*
|
||||
%{_mandir}/man5/krb5.conf.5*
|
||||
%{_mandir}/man5/.k5login.5*
|
||||
%{_mandir}/man1/ksu.1.gz
|
||||
%{_mandir}/man1/sclient.1.gz
|
||||
|
||||
%files apps-servers
|
||||
%defattr(-,root,root)
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/sbin
|
||||
/usr/lib/mit/sbin/ftpd
|
||||
/usr/lib/mit/sbin/klogind
|
||||
/usr/lib/mit/sbin/kshd
|
||||
/usr/lib/mit/sbin/telnetd
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
/usr/lib/mit/sbin/sserver
|
||||
/usr/lib/mit/sbin/gss-server
|
||||
/usr/lib/mit/sbin/sim_server
|
||||
/usr/lib/mit/sbin/login.krb5
|
||||
%{_mandir}/man8/kftpd.8*
|
||||
%{_mandir}/man8/klogind.8*
|
||||
%{_mandir}/man8/kshd.8*
|
||||
%{_mandir}/man8/ktelnetd.8*
|
||||
%{_mandir}/man8/sserver.8*
|
||||
%{_mandir}/man8/login.krb5.8*
|
||||
|
||||
%files apps-clients
|
||||
%defattr(-,root,root)
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/bin
|
||||
/usr/lib/mit/bin/ftp
|
||||
/usr/lib/mit/bin/rlogin
|
||||
# removed SUID bit, we will rely on su + pam_krb
|
||||
%attr(0755,root,root) /usr/lib/mit/bin/ksu
|
||||
/usr/lib/mit/bin/rcp
|
||||
/usr/lib/mit/bin/rsh
|
||||
/usr/lib/mit/bin/telnet
|
||||
/usr/lib/mit/bin/uuclient
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/sim_client
|
||||
%{_mandir}/man1/kftp.1*
|
||||
%{_mandir}/man1/krlogin.1*
|
||||
%{_mandir}/man1/krsh.1*
|
||||
%{_mandir}/man1/ktelnet.1*
|
||||
%{_mandir}/man1/ksu.1*
|
||||
%{_mandir}/man1/krcp.1*
|
||||
%{_mandir}/man1/sclient.1*
|
||||
|
||||
%files plugin-kdb-ldap
|
||||
%defattr(-,root,root)
|
||||
|
25
krb5.changes
25
krb5.changes
@ -1,28 +1,15 @@
|
||||
-------------------------------------------------------------------
|
||||
Thu Mar 4 10:42:29 CET 2010 - mc@suse.de
|
||||
Thu Jan 7 11:45:14 CET 2010 - mc@suse.de
|
||||
|
||||
- update to version 1.8
|
||||
* Increase code quality
|
||||
* Move toward improved KDB interface
|
||||
* Investigate and remedy repeatedly-reported performance
|
||||
bottlenecks.
|
||||
* Reduce DNS dependence by implementing an interface that allows
|
||||
client library to track whether a KDC supports service
|
||||
principal referrals.
|
||||
* Disable DES by default
|
||||
* Account lockout for repeated login failures
|
||||
* Bridge layer to allow Heimdal HDB modules to act as KDB
|
||||
backend modules
|
||||
* FAST enhancements
|
||||
* Microsoft Services for User (S4U) compatibility
|
||||
* Anonymous PKINIT
|
||||
- fix KDC denial of service
|
||||
CVE-2010-0283, MITKRB5-SA-2010-001 (bnc#571781)
|
||||
- fix KDC denial of service in cross-realm referral processing
|
||||
CVE-2009-3295, MITKRB5-SA-2009-003 (bnc#561347)
|
||||
- fix integer underflow in AES and RC4 decryption
|
||||
CVE-2009-4212, MITKRB5-SA-2009-004 (bnc#561351)
|
||||
- moved krb5 applications (telnet, ftp, rlogin, ...) to krb5-appl
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Mon Dec 14 16:32:01 CET 2009 - jengelh@medozas.de
|
||||
|
||||
- add baselibs.conf as a source
|
||||
|
||||
-------------------------------------------------------------------
|
||||
Fri Nov 13 16:51:37 CET 2009 - mc@suse.de
|
||||
|
170
krb5.spec
170
krb5.spec
@ -1,7 +1,6 @@
|
||||
#
|
||||
# spec file for package krb5 (Version 1.8)
|
||||
# spec file for package krb5 (Version 1.7)
|
||||
#
|
||||
# Copyright (c) 2009 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
# Copyright (c) 2010 SUSE LINUX Products GmbH, Nuernberg, Germany.
|
||||
#
|
||||
# All modifications and additions to the file contributed by third parties
|
||||
@ -19,7 +18,7 @@
|
||||
# norootforbuild
|
||||
|
||||
%define build_mini 0
|
||||
%define srcRoot krb5-1.8
|
||||
%define srcRoot krb5-1.7
|
||||
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
|
||||
%define krb5docdir %{_defaultdocdir}/krb5
|
||||
|
||||
@ -28,8 +27,8 @@ License: MIT License (or similar)
|
||||
Url: http://web.mit.edu/kerberos/www/
|
||||
BuildRequires: bison libcom_err-devel ncurses-devel
|
||||
BuildRequires: keyutils keyutils-devel
|
||||
Version: 1.8
|
||||
Release: 6
|
||||
Version: 1.7
|
||||
Release: 7
|
||||
%if ! 0%{?build_mini}
|
||||
BuildRequires: libopenssl-devel openldap2-devel
|
||||
# bug437293
|
||||
@ -43,18 +42,25 @@ Group: Productivity/Networking/Security
|
||||
Summary: MIT Kerberos5 Implementation--Libraries
|
||||
Group: Productivity/Networking/Security
|
||||
%endif
|
||||
Source: krb5-1.8.tar.bz2
|
||||
Source: krb5-1.7.tar.bz2
|
||||
Source1: vendor-files.tar.bz2
|
||||
Source2: README.Source
|
||||
Source3: spx.c
|
||||
Source4: baselibs.conf
|
||||
Source5: krb5-%{version}-rpmlintrc
|
||||
Source10: krb5-1.7-manpaths.txt
|
||||
Patch2: krb5-1.6.1-compile_pie.dif
|
||||
Patch20: krb5-1.6.3-kprop-use-mkstemp.dif
|
||||
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
|
||||
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
|
||||
Patch30: krb5-1.7-manpaths.dif
|
||||
Patch32: krb5-1.4.3-enospc.dif
|
||||
Patch34: krb5-1.6.3-gssapi_improve_errormessages.dif
|
||||
Patch41: krb5-1.6.3-kpasswd_tcp.patch
|
||||
Patch44: krb5-1.6.3-ktutil-manpage.dif
|
||||
Patch46: krb5-1.6.3-fix-ipv6-query.dif
|
||||
Patch47: krb5-1.7-MITKRB5-SA-2009-003.dif
|
||||
Patch48: krb5-1.7-MITKRB5-SA-2009-004.dif
|
||||
BuildRoot: %{_tmppath}/%{name}-%{version}-build
|
||||
PreReq: mktemp, grep, /bin/touch, coreutils
|
||||
PreReq: %insserv_prereq %fillup_prereq
|
||||
@ -111,6 +117,46 @@ and more.
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%package apps-servers
|
||||
License: MIT License (or similar)
|
||||
Summary: MIT Kerberos5 server applications
|
||||
Group: Productivity/Networking/Security
|
||||
|
||||
%description apps-servers
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of cleartext passwords. This package includes some kerberos
|
||||
compatible server applications like ftpd, klogind, telnetd, ...
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
Sam Hartman <hartmans@mit.edu>
|
||||
Ken Raeburn <raeburn@mit.edu>
|
||||
Tom Yu <tlyu@mit.edu>
|
||||
|
||||
%package apps-clients
|
||||
License: MIT License (or similar)
|
||||
Summary: MIT Kerberos5 client applications
|
||||
Group: Productivity/Networking/Security
|
||||
|
||||
%description apps-clients
|
||||
Kerberos V5 is a trusted-third-party network authentication system,
|
||||
which can improve your network's security by eliminating the insecure
|
||||
practice of cleartext passwords. This package includes some kerberos
|
||||
compatible client applications like ftp, rpc, rlogin, telnet, ...
|
||||
|
||||
|
||||
|
||||
Authors:
|
||||
--------
|
||||
The MIT Kerberos Team
|
||||
@ -194,14 +240,25 @@ Authors:
|
||||
%prep
|
||||
%setup -q -n %{srcRoot}
|
||||
%setup -a 1 -T -D -n %{srcRoot}
|
||||
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
|
||||
then
|
||||
echo "spx.c contains potential legal risks."
|
||||
exit 1;
|
||||
else
|
||||
cp %{SOURCE3} %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
|
||||
fi
|
||||
%patch2
|
||||
%patch20
|
||||
%patch21
|
||||
%patch22
|
||||
%patch30 -p1
|
||||
%patch32 -p1
|
||||
%patch34 -p1
|
||||
%patch41
|
||||
%patch44 -p1
|
||||
%patch46 -p1
|
||||
%patch47 -p1
|
||||
%patch48 -p1
|
||||
# Rename the man pages so that they'll get generated correctly.
|
||||
pushd src
|
||||
cat %{SOURCE10} | while read manpage ; do
|
||||
@ -262,6 +319,12 @@ install -m 644 %{vendorFiles}/krb5.csh.profile %{buildroot}/etc/profile.d/krb5.c
|
||||
install -m 644 %{vendorFiles}/krb5.sh.profile %{buildroot}/etc/profile.d/krb5.sh
|
||||
install -m 644 %{vendorFiles}/SuSEFirewall.kdc %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kdc
|
||||
install -m 644 %{vendorFiles}/SuSEFirewall.kadmind %{buildroot}/etc/sysconfig/SuSEfirewall2.d/services/kadmind
|
||||
for n in ftpd.8 telnetd.8; do
|
||||
mv %{buildroot}%{_mandir}/man8/${n} %{buildroot}%{_mandir}/man8/k${n}
|
||||
done
|
||||
for n in ftp.1 rlogin.1 rcp.1 rsh.1 telnet.1; do
|
||||
mv %{buildroot}%{_mandir}/man1/${n} %{buildroot}%{_mandir}/man1/k${n}
|
||||
done
|
||||
# all libs must have permissions 0755
|
||||
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
|
||||
do
|
||||
@ -274,6 +337,12 @@ mkdir -p %{buildroot}%{_sysconfdir}/init.d
|
||||
install -m 755 %{vendorFiles}/kadmind.init %{buildroot}%{_sysconfdir}/init.d/kadmind
|
||||
install -m 755 %{vendorFiles}/krb5kdc.init %{buildroot}%{_sysconfdir}/init.d/krb5kdc
|
||||
install -m 755 %{vendorFiles}/kpropd.init %{buildroot}%{_sysconfdir}/init.d/kpropd
|
||||
# install xinetd files
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/xinetd.d
|
||||
install -m 644 %{vendorFiles}/klogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/klogin
|
||||
install -m 644 %{vendorFiles}/eklogin.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/eklogin
|
||||
install -m 644 %{vendorFiles}/krb5-telnet.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/ktelnet
|
||||
install -m 644 %{vendorFiles}/kshell.xinetd %{buildroot}%{_sysconfdir}/xinetd.d/kshell
|
||||
# install logrotate files
|
||||
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
|
||||
install -m 644 %{vendorFiles}/krb5-server.logrotate %{buildroot}%{_sysconfdir}/logrotate.d/krb5-server
|
||||
@ -352,9 +421,7 @@ rm -rf %{buildroot}
|
||||
%dir /usr/lib/mit/sbin
|
||||
%{_libdir}/libgssrpc.so
|
||||
%{_libdir}/libk5crypto.so
|
||||
%{_libdir}/libkadm5clnt_mit.so
|
||||
%{_libdir}/libkadm5clnt.so
|
||||
%{_libdir}/libkadm5srv_mit.so
|
||||
%{_libdir}/libkadm5srv.so
|
||||
%{_libdir}/libkdb5.so
|
||||
%{_libdir}/libkrb5.so
|
||||
@ -388,13 +455,17 @@ rm -rf %{buildroot}
|
||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kdc.conf
|
||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.acl
|
||||
%attr(0600,root,root) %config(noreplace) %{_localstatedir}/lib/kerberos/krb5kdc/kadm5.dict
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
|
||||
%config %{_sysconfdir}/sysconfig/SuSEfirewall2.d/services/k*
|
||||
%{_sysconfdir}/init.d/*
|
||||
%{_libdir}/libgssapi_krb5.*
|
||||
%{_libdir}/libgssrpc.so.*
|
||||
%{_libdir}/libk5crypto.so.*
|
||||
%{_libdir}/libkadm5clnt_mit.so.*
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
%{_libdir}/libkadm5clnt.so.*
|
||||
%{_libdir}/libkadm5srv.so.*
|
||||
%{_libdir}/libkdb5.so.*
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
@ -408,10 +479,15 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/sbin/kprop
|
||||
/usr/lib/mit/sbin/kdb5_util
|
||||
/usr/lib/mit/sbin/krb5kdc
|
||||
/usr/lib/mit/sbin/ftpd
|
||||
/usr/lib/mit/sbin/klogind
|
||||
/usr/lib/mit/sbin/kshd
|
||||
/usr/lib/mit/sbin/telnetd
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
/usr/lib/mit/sbin/sserver
|
||||
/usr/lib/mit/sbin/gss-server
|
||||
/usr/lib/mit/sbin/sim_server
|
||||
/usr/lib/mit/sbin/login.krb5
|
||||
/usr/lib/mit/bin/k5srvutil
|
||||
/usr/lib/mit/bin/kvno
|
||||
/usr/lib/mit/bin/kinit
|
||||
@ -421,10 +497,16 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/bin/kadmin
|
||||
/usr/lib/mit/bin/ktutil
|
||||
%attr(0755,root,root) /usr/lib/mit/bin/ksu
|
||||
/usr/lib/mit/bin/rcp
|
||||
/usr/lib/mit/bin/rsh
|
||||
/usr/lib/mit/bin/telnet
|
||||
/usr/lib/mit/bin/uuclient
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/sim_client
|
||||
/usr/lib/mit/bin/ftp
|
||||
/usr/lib/mit/bin/rlogin
|
||||
#/usr/lib/mit/bin/*
|
||||
/usr/bin/kinit
|
||||
/usr/bin/klist
|
||||
/usr/bin/rc*
|
||||
@ -435,7 +517,12 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/kpasswd.1*
|
||||
%{_mandir}/man1/klist.1*
|
||||
%{_mandir}/man1/kerberos.1*
|
||||
%{_mandir}/man1/kftp.1*
|
||||
%{_mandir}/man1/krlogin.1*
|
||||
%{_mandir}/man1/krsh.1*
|
||||
%{_mandir}/man1/ktelnet.1*
|
||||
%{_mandir}/man1/ksu.1*
|
||||
%{_mandir}/man1/krcp.1*
|
||||
%{_mandir}/man1/sclient.1*
|
||||
%{_mandir}/man1/kadmin.1*
|
||||
%{_mandir}/man1/ktutil.1*
|
||||
@ -462,8 +549,8 @@ rm -rf %{buildroot}
|
||||
%{_libdir}/libgssapi_krb5.*
|
||||
%{_libdir}/libgssrpc.so.*
|
||||
%{_libdir}/libk5crypto.so.*
|
||||
%{_libdir}/libkadm5clnt_mit.so.*
|
||||
%{_libdir}/libkadm5srv_mit.so.*
|
||||
%{_libdir}/libkadm5clnt.so.*
|
||||
%{_libdir}/libkadm5srv.so.*
|
||||
%{_libdir}/libkdb5.so.*
|
||||
%{_libdir}/libkrb5.so.*
|
||||
%{_libdir}/libkrb5support.so.*
|
||||
@ -495,10 +582,6 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/sbin/kprop
|
||||
/usr/lib/mit/sbin/kdb5_util
|
||||
/usr/lib/mit/sbin/krb5kdc
|
||||
/usr/lib/mit/sbin/gss-server
|
||||
/usr/lib/mit/sbin/sim_server
|
||||
/usr/lib/mit/sbin/sserver
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
%{_libdir}/krb5/plugins/kdb/db2.so
|
||||
%{_mandir}/man5/kdc.conf.5*
|
||||
%{_mandir}/man8/kadmind.8*
|
||||
@ -508,7 +591,6 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man8/kproplog.8.gz
|
||||
%{_mandir}/man8/kdb5_util.8*
|
||||
%{_mandir}/man8/krb5kdc.8*
|
||||
%{_mandir}/man8/sserver.8*
|
||||
|
||||
%files client
|
||||
%defattr(-,root,root)
|
||||
@ -523,11 +605,6 @@ rm -rf %{buildroot}
|
||||
/usr/lib/mit/bin/kadmin
|
||||
/usr/lib/mit/bin/ktutil
|
||||
/usr/lib/mit/bin/k5srvutil
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/ksu
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/sim_client
|
||||
/usr/lib/mit/bin/uuclient
|
||||
/usr/bin/kinit
|
||||
/usr/bin/klist
|
||||
%{_mandir}/man1/kvno.1*
|
||||
@ -541,8 +618,53 @@ rm -rf %{buildroot}
|
||||
%{_mandir}/man1/k5srvutil.1*
|
||||
%{_mandir}/man5/krb5.conf.5*
|
||||
%{_mandir}/man5/.k5login.5*
|
||||
%{_mandir}/man1/ksu.1.gz
|
||||
%{_mandir}/man1/sclient.1.gz
|
||||
|
||||
%files apps-servers
|
||||
%defattr(-,root,root)
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/klogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/eklogin
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/kshell
|
||||
%config(noreplace) %{_sysconfdir}/xinetd.d/ktelnet
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/sbin
|
||||
/usr/lib/mit/sbin/ftpd
|
||||
/usr/lib/mit/sbin/klogind
|
||||
/usr/lib/mit/sbin/kshd
|
||||
/usr/lib/mit/sbin/telnetd
|
||||
/usr/lib/mit/sbin/uuserver
|
||||
/usr/lib/mit/sbin/sserver
|
||||
/usr/lib/mit/sbin/gss-server
|
||||
/usr/lib/mit/sbin/sim_server
|
||||
/usr/lib/mit/sbin/login.krb5
|
||||
%{_mandir}/man8/kftpd.8*
|
||||
%{_mandir}/man8/klogind.8*
|
||||
%{_mandir}/man8/kshd.8*
|
||||
%{_mandir}/man8/ktelnetd.8*
|
||||
%{_mandir}/man8/sserver.8*
|
||||
%{_mandir}/man8/login.krb5.8*
|
||||
|
||||
%files apps-clients
|
||||
%defattr(-,root,root)
|
||||
%dir /usr/lib/mit
|
||||
%dir /usr/lib/mit/bin
|
||||
/usr/lib/mit/bin/ftp
|
||||
/usr/lib/mit/bin/rlogin
|
||||
# removed SUID bit, we will rely on su + pam_krb
|
||||
%attr(0755,root,root) /usr/lib/mit/bin/ksu
|
||||
/usr/lib/mit/bin/rcp
|
||||
/usr/lib/mit/bin/rsh
|
||||
/usr/lib/mit/bin/telnet
|
||||
/usr/lib/mit/bin/uuclient
|
||||
/usr/lib/mit/bin/sclient
|
||||
/usr/lib/mit/bin/gss-client
|
||||
/usr/lib/mit/bin/sim_client
|
||||
%{_mandir}/man1/kftp.1*
|
||||
%{_mandir}/man1/krlogin.1*
|
||||
%{_mandir}/man1/krsh.1*
|
||||
%{_mandir}/man1/ktelnet.1*
|
||||
%{_mandir}/man1/ksu.1*
|
||||
%{_mandir}/man1/krcp.1*
|
||||
%{_mandir}/man1/sclient.1*
|
||||
|
||||
%files plugin-kdb-ldap
|
||||
%defattr(-,root,root)
|
||||
|
50
spx.c
Normal file
50
spx.c
Normal file
@ -0,0 +1,50 @@
|
||||
/*-
|
||||
* Copyright (c) 1992, 1993
|
||||
* The Regents of the University of California. All rights reserved.
|
||||
*
|
||||
* Redistribution and use in source and binary forms, with or without
|
||||
* modification, are permitted provided that the following conditions
|
||||
* are met:
|
||||
* 1. Redistributions of source code must retain the above copyright
|
||||
* notice, this list of conditions and the following disclaimer.
|
||||
* 2. Redistributions in binary form must reproduce the above copyright
|
||||
* notice, this list of conditions and the following disclaimer in the
|
||||
* documentation and/or other materials provided with the distribution.
|
||||
* 3. All advertising materials mentioning features or use of this software
|
||||
* must display the following acknowledgement:
|
||||
* This product includes software developed by the University of
|
||||
* California, Berkeley and its contributors.
|
||||
* 4. Neither the name of the University nor the names of its contributors
|
||||
* may be used to endorse or promote products derived from this software
|
||||
* without specific prior written permission.
|
||||
*
|
||||
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
||||
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
||||
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
||||
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
||||
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
||||
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
||||
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
||||
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
||||
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||
* SUCH DAMAGE.
|
||||
*/
|
||||
|
||||
/* based on @(#)spx.c 8.1 (Berkeley) 6/4/93 */
|
||||
|
||||
#include "misc-proto.h"
|
||||
|
||||
#ifdef notdef
|
||||
|
||||
prkey(msg, key)
|
||||
char *msg;
|
||||
unsigned char *key;
|
||||
{
|
||||
register int i;
|
||||
printf("%s:", msg);
|
||||
for (i = 0; i < 8; i++)
|
||||
printf(" %3d", key[i]);
|
||||
printf("\r\n");
|
||||
}
|
||||
#endif
|
@ -1,3 +1,3 @@
|
||||
version https://git-lfs.github.com/spec/v1
|
||||
oid sha256:afd7fcef667fa671ba023b747d95c62dd83b03c4bb93c7132e1ae78fe837c35e
|
||||
size 182067
|
||||
oid sha256:cc8af64eb451283d9ed22d52848a923e65a50b5c80442fe3165f238efdd34571
|
||||
size 182153
|
||||
|
Loading…
Reference in New Issue
Block a user