rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=4

Browse Source
This commit is contained in:
OBS User unknown 2007-01-26 16:41:59 +00:00 committed by Git OBS Bridge
parent fb489c895a
commit 5d2358dad0
17 changed files with 561 additions and 1653 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
View File

@ -1,21 +0,0 @@
--- src/lib/rpc/svc.c
+++ src/lib/rpc/svc.c 2006/12/05 10:03:35
@@ -437,6 +437,8 @@
#endif
}
+extern struct svc_auth_ops svc_auth_gss_ops;
+
static void
svc_do_xprt(SVCXPRT *xprt)
{
@@ -518,6 +520,9 @@
if ((stat = SVC_STAT(xprt)) == XPRT_DIED){
SVC_DESTROY(xprt);
break;
+ } else if ((xprt->xp_auth != NULL) &&
+ (xprt->xp_auth->svc_ah_ops != &svc_auth_gss_ops)) {
+ xprt->xp_auth = NULL;
}
} while (stat == XPRT_MOREREQS);

1530
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
View File

File diff suppressed because it is too large Load Diff

11
krb5-1.5.1-fix-ftp-var-used-uninitialized.dif Normal file
View File

@ -0,0 +1,11 @@
--- src/appl/gssftp/ftp/ftp.c
+++ src/appl/gssftp/ftp/ftp.c 2007/01/23 11:19:43
@@ -1983,7 +1983,7 @@
#ifdef GSSAPI
if (command("AUTH %s", "GSSAPI") == CONTINUE) {
- OM_uint32 maj_stat, min_stat, dummy_stat;
+ OM_uint32 maj_stat = GSS_S_FAILURE , min_stat, dummy_stat;
gss_name_t target_name;
gss_buffer_desc send_tok, recv_tok, *token_ptr;
char stbuf[FTP_BUFSIZ];

3
krb5-1.5.1.tar.bz2
View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:a33c68ad46d2262481c18e59a14043e53bf692d7d83f7c88f0827f66324fd686
size 8524127

18
krb5-1.6-fix-passwd-tcp.dif Normal file
View File

@ -0,0 +1,18 @@
--- src/lib/krb5/os/changepw.c
+++ src/lib/krb5/os/changepw.c 2007/01/18 13:23:37
@@ -70,12 +70,14 @@
locate_service_kadmin, sockType, 0);
if (!code) {
/* Success with admin_server but now we need to change the
- port number to use DEFAULT_KPASSWD_PORT. */
+ port number to use DEFAULT_KPASSWD_PORT and the socktype. */
int i;
for (i=0; i<addrlist->naddrs; i++) {
struct addrinfo *a = addrlist->addrs[i].ai;
if (a->ai_family == AF_INET)
sa2sin (a->ai_addr)->sin_port = htons(DEFAULT_KPASSWD_PORT);
+ if (sockType != SOCK_STREAM)
+ a->ai_socktype = sockType;
}
}
}

20
krb5-1.6-fix-sendto_kdc-memset.dif Normal file
View File

@ -0,0 +1,20 @@
--- src/lib/krb5/os/sendto_kdc.c
+++ src/lib/krb5/os/sendto_kdc.c 2007/01/17 14:17:10
@@ -1100,7 +1100,7 @@
struct sockaddr *remoteaddr, socklen_t *remoteaddrlen,
int *addr_used)
{
- int i, pass;
+ int i = 0, pass;
int delay_this_pass = 2;
krb5_error_code retval;
struct conn_state *conns;
@@ -1135,7 +1135,7 @@
return ENOMEM;
}
- memset(conns, 0, n_conns * sizeof(callback_data[i]));
+ memset(callback_data, 0, n_conns * sizeof(callback_data[i]));
}
for (i = 0; i < n_conns; i++) {

189
krb5-1.6-post.dif Normal file
View File

@ -0,0 +1,189 @@
Index: src/lib/gssapi/krb5/k5sealv3.c
===================================================================
--- src/lib/gssapi/krb5/k5sealv3.c (.../tags/krb5-1-6-final) (Revision 19102)
+++ src/lib/gssapi/krb5/k5sealv3.c (.../branches/krb5-1-6) (Revision 19102)
@@ -412,10 +412,16 @@
if (load_16_be(althdr) != 0x0504
|| althdr[2] != ptr[2]
|| althdr[3] != ptr[3]
- || memcmp(althdr+8, ptr+8, 8))
+ || memcmp(althdr+8, ptr+8, 8)) {
+ free(plain.data);
goto defective;
+ }
message_buffer->value = plain.data;
message_buffer->length = plain.length - ec - 16;
+ if(message_buffer->length == 0) {
+ free(message_buffer->value);
+ message_buffer->value = NULL;
+ }
} else {
/* no confidentiality */
if (conf_state)
Index: src/lib/krb5/ccache/ccapi/stdcc.c
===================================================================
--- src/lib/krb5/ccache/ccapi/stdcc.c (.../tags/krb5-1-6-final) (Revision 19102)
+++ src/lib/krb5/ccache/ccapi/stdcc.c (.../branches/krb5-1-6) (Revision 19102)
@@ -56,6 +56,7 @@
#ifdef USE_CCAPI_V3
cc_context_t gCntrlBlock = NULL;
+cc_int32 gCCVersion = 0;
#else
apiCB *gCntrlBlock = NULL;
#endif
@@ -222,13 +223,59 @@
#ifdef USE_CCAPI_V3
+
+static krb5_error_code stdccv3_get_timeoffset (krb5_context in_context,
+ cc_ccache_t in_ccache)
+{
+ krb5_error_code err = 0;
+
+ if (gCCVersion >= ccapi_version_5) {
+ krb5_os_context os_ctx = (krb5_os_context) in_context->os_context;
+ cc_time_t time_offset = 0;
+
+ err = cc_ccache_get_kdc_time_offset (in_ccache, cc_credentials_v5,
+ &time_offset);
+
+ if (!err) {
+ os_ctx->time_offset = time_offset;
+ os_ctx->usec_offset = 0;
+ os_ctx->os_flags = ((os_ctx->os_flags & ~KRB5_OS_TOFFSET_TIME) |
+ KRB5_OS_TOFFSET_VALID);
+ }
+
+ if (err == ccErrTimeOffsetNotSet) {
+ err = 0; /* okay if there is no time offset */
+ }
+ }
+
+ return err; /* Don't translate. Callers will translate for us */
+}
+
+static krb5_error_code stdccv3_set_timeoffset (krb5_context in_context,
+ cc_ccache_t in_ccache)
+{
+ krb5_error_code err = 0;
+
+ if (gCCVersion >= ccapi_version_5) {
+ krb5_os_context os_ctx = (krb5_os_context) in_context->os_context;
+
+ if (!err && os_ctx->os_flags & KRB5_OS_TOFFSET_VALID) {
+ err = cc_ccache_set_kdc_time_offset (in_ccache,
+ cc_credentials_v5,
+ os_ctx->time_offset);
+ }
+ }
+
+ return err; /* Don't translate. Callers will translate for us */
+}
+
static krb5_error_code stdccv3_setup (krb5_context context,
stdccCacheDataPtr ccapi_data)
{
krb5_error_code err = 0;
if (!err && !gCntrlBlock) {
- err = cc_initialize (&gCntrlBlock, ccapi_version_max, NULL, NULL);
+ err = cc_initialize (&gCntrlBlock, ccapi_version_max, &gCCVersion, NULL);
}
if (!err && ccapi_data && !ccapi_data->NamedCache) {
@@ -237,6 +284,10 @@
&ccapi_data->NamedCache);
}
+ if (!err && ccapi_data && ccapi_data->NamedCache) {
+ err = stdccv3_get_timeoffset (context, ccapi_data->NamedCache);
+ }
+
return err; /* Don't translate. Callers will translate for us */
}
@@ -245,6 +296,7 @@
{
if (gCntrlBlock) { cc_context_release(gCntrlBlock); }
gCntrlBlock = NULL;
+ gCCVersion = 0;
}
/*
@@ -278,11 +330,15 @@
}
if (!err) {
- err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, 0L,
+ err = cc_context_create_new_ccache (gCntrlBlock, cc_credentials_v5, "",
&ccache);
}
if (!err) {
+ err = stdccv3_set_timeoffset (context, ccache);
+ }
+
+ if (!err) {
err = cc_ccache_get_name (ccache, &ccstring);
}
@@ -395,6 +451,7 @@
krb5_error_code err = 0;
stdccCacheDataPtr ccapi_data = id->data;
char *name = NULL;
+ cc_ccache_t ccache = NULL;
if (id == NULL) { err = KRB5_CC_NOMEM; }
@@ -406,23 +463,28 @@
err = krb5_unparse_name(context, princ, &name);
}
- if (!err && ccapi_data->NamedCache) {
- err = cc_ccache_release(ccapi_data->NamedCache);
- ccapi_data->NamedCache = NULL;
- }
-
if (!err) {
err = cc_context_create_ccache (gCntrlBlock, ccapi_data->cache_name,
cc_credentials_v5, name,
- &ccapi_data->NamedCache);
+ &ccache);
}
if (!err) {
- cache_changed();
+ err = stdccv3_set_timeoffset (context, ccache);
}
- if (name) { krb5_free_unparsed_name(context, name); }
+ if (!err) {
+ if (ccapi_data->NamedCache) {
+ err = cc_ccache_release (ccapi_data->NamedCache);
+ }
+ ccapi_data->NamedCache = ccache;
+ ccache = NULL; /* take ownership */
+ cache_changed ();
+ }
+ if (ccache) { cc_ccache_release (ccache); }
+ if (name ) { krb5_free_unparsed_name(context, name); }
+
return cc_err_xlate(err);
}
Eigenschaftsänderungen: .
___________________________________________________________________
Name: svk:merge
- 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19331
304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339
dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199
dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581
+ 122d7f7f-0217-0410-a6d0-d37b9a318acc:/local/krb5/branches/krb5-1-6:19367
304ed8f4-7412-0410-a0db-8249d8f37659:/my-branches/kdb-config:339
dc483132-0cff-0310-8789-dd5450dbe970:/branches/ccapi:18199
dc483132-0cff-0310-8789-dd5450dbe970:/branches/referrals/trunk:18581

3
krb5-1.6.tar.bz2 Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:1986a5a7bc529291bab69a989eae43d121d1f9de1796c38dda36f332ba7c1e93
size 10322183

9
krb5-doc.changes
View File

@ -1,3 +1,12 @@
-------------------------------------------------------------------
Mon Jan 22 12:21:20 CET 2007 - mc@suse.de
- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
-------------------------------------------------------------------
Thu Aug 24 12:53:25 CEST 2006 - mc@suse.de

24
krb5-doc.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5-doc (Version 1.5.1)
# spec file for package krb5-doc (Version 1.6)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -12,14 +12,14 @@
Name: krb5-doc
BuildRequires: ghostscript-library latex2html te_ams
Version: 1.5.1
Release: 39
%define srcRoot krb5-1.5.1
Version: 1.6
Release: 4
%define srcRoot krb5-1.6
Summary: MIT Kerberos5 Implementation--Documentation
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Documentation/Other
Source: krb5-1.5.1.tar.bz2
Source: krb5-1.6.tar.bz2
Source1: README.Source
Source2: Makefile.kadm5
Patch0: krb5-1.3.5-perlfix.dif
@ -62,10 +62,10 @@ latex2html -dir ../html/libdes -mkdir libdes.tex
cd ../implement
latex2html -dir ../html/implement -mkdir implement.tex
cd ..
mv krb5-admin html/
mv krb5-install html/
mv krb5-user html/
mv krb425 html/
#mv krb5-admin html/
#mv krb5-install html/
#mv krb5-user html/
#mv krb425 html/
mv *.html html/
cd ..
find . -type f -name '*.ps' -exec gzip -9 {} \;
@ -86,6 +86,12 @@ rm -rf %{buildroot}
%doc doc/html
%changelog -n krb5-doc
* Mon Jan 22 2007 - mc@suse.de
- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
* Thu Aug 24 2006 - mc@suse.de
- update to version 1.5.1
- remove obsolete patches which are now included upstream

16
krb5-plugins.changes Normal file
View File

@ -0,0 +1,16 @@
-------------------------------------------------------------------
Tue Jan 23 17:21:53 CET 2007 - mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
- use less BuildRequires
-------------------------------------------------------------------
Mon Jan 22 12:21:41 CET 2007 - mc@suse.de
- initial release (version 1.6)
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.

220
krb5-plugins.spec Normal file
View File

@ -0,0 +1,220 @@
#
# spec file for package krb5-plugins (Version 1.6)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
# package are under the same license as the package itself.
#
# Please submit bugfixes or comments via http://bugs.opensuse.org/
#
# norootforbuild
Name: krb5-plugins
Version: 1.6
Release: 4
BuildRequires: krb5-devel openldap2-devel
%define srcRoot krb5-1.6
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
Requires: krb5-server
Summary: MIT Kerberos5 Implementation--Libraries
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
Source: krb5-1.6.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.4-compile_pie.dif
Patch3: krb5-1.4-fix-segfault.dif
Patch4: krb5-1.6-post.dif
Patch6: trunk-EncryptWithMasterKey.dif
Patch14: warning-fix-lib-crypto-des.dif
Patch15: warning-fix-lib-crypto-dk.dif
Patch16: warning-fix-lib-crypto.dif
Patch17: warning-fix-lib-crypto-enc_provider.dif
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
Patch20: kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
#Patch23: trunk-install-preauth-header.dif
Patch24: trunk-fix-strncat.dif
Patch25: krb5-1.6-fix-passwd-tcp.dif
Patch26: krb5-1.6-fix-sendto_kdc-memset.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%package -n krb5-plugin-kdb-ldap
Requires: krb5-server = %{version}
Summary: MIT Kerberos5 Implementation--LDAP Database Plugin
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
%description -n krb5-plugin-kdb-ldap
Kerberos V5 is a trusted-third-party network authentication system,
which can improve your network's security by eliminating the insecure
practice of clear text passwords. This package contains the LDAP
database plugin.
Authors:
--------
The MIT Kerberos Team
Sam Hartman <hartmans@mit.edu>
Ken Raeburn <raeburn@mit.edu>
Tom Yu <tlyu@mit.edu>
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
if [ -e %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c ]
then
echo "spx.c contains potential legal risks."
exit 1;
else
cp %{_sourcedir}/spx.c %{_builddir}/%{srcRoot}/src/appl/telnet/libtelnet/spx.c
fi
%patch1
%patch2
%patch3
%patch4
%patch6
cd %{_builddir}/%{srcRoot}/src
%patch14
%patch15
%patch16
%patch17
%patch18
%patch20
cd -
%patch21
%patch22
#%patch23
%patch24
%patch25
%patch26
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -I/usr/include -I%{_builddir}/%{srcRoot}/src/lib/ -fno-strict-aliasing -D_GNU_SOURCE " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
--mandir=%{_mandir} \
--infodir=%{_infodir} \
--libexecdir=/usr/lib/mit/sbin \
--libdir=%{_libdir} \
--includedir=%{_includedir} \
--localstatedir=%{_localstatedir}/lib/kerberos \
--enable-shared \
--disable-static \
--enable-kdc-replay-cache \
--enable-dns-for-realm \
--with-ldap \
--with-system-et \
--with-system-ss
cd util/profile
make install-headers-unix
cd ../../include
make
cd ../lib/kadm5
make includes
cd ../gssapi/generic
make gssapi-include
ln -s %{_libdir}/libgssrpc.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libgssapi_krb5.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libk5crypto.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkrb5support.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkrb5.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkadm5srv.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkdb5.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libkrb4.so %{_builddir}/%{srcRoot}/src/lib/
ln -s %{_libdir}/libdes425.so %{_builddir}/%{srcRoot}/src/lib/
cd ../../../kadmin/cli
make getdate.o
cd ../../plugins/kdb/ldap/
make %{?jobs:-j%jobs}
#make check
%install
rm -rf %{buildroot}
mkdir -p %{buildroot}/%{_libdir}/krb5/plugins/kdb
mkdir -p %{buildroot}/%{krb5docdir}
mkdir -p %{buildroot}/usr/lib/mit/sbin/
mkdir -p %{buildroot}/%{_mandir}/man8/
cd src/plugins/kdb/ldap/
make DESTDIR=%{buildroot} install
# all libs must have permissions 0755
for lib in `find %{buildroot}/%{_libdir}/ -type f -name "*.so*"`
do
chmod 0755 ${lib}
done
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.schema %{buildroot}/%{krb5docdir}/kerberos.schema
install -m 644 %{_builddir}/%{srcRoot}/src/plugins/kdb/ldap/libkdb_ldap/kerberos.ldif %{buildroot}/%{krb5docdir}/kerberos.ldif
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
#####################################################
# krb5 pre/post/postun
#####################################################
%post -n krb5-plugin-kdb-ldap
%run_ldconfig
%postun -n krb5-plugin-kdb-ldap
%run_ldconfig
%clean
rm -rf %{buildroot}
########################################################
# files sections
########################################################
%files -n krb5-plugin-kdb-ldap
%defattr(-,root,root)
%dir %{_libdir}/krb5
%dir %{_libdir}/krb5/plugins
%dir %{_libdir}/krb5/plugins/kdb
%dir /usr/lib/mit/sbin/
%dir %{krb5docdir}
%doc %{krb5docdir}/kerberos.schema
%doc %{krb5docdir}/kerberos.ldif
%{_libdir}/krb5/plugins/kdb/*.so
/usr/lib/mit/sbin/*
%{_libdir}/libkdb_ldap*
%{_mandir}/man8/*
%changelog -n krb5-plugins
* Tue Jan 23 2007 - mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
- use less BuildRequires
* Mon Jan 22 2007 - mc@suse.de
- initial release (version 1.6)
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.

25
krb5.changes
View File

@ -1,3 +1,24 @@
-------------------------------------------------------------------
Tue Jan 23 17:21:12 CET 2007 - mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
-------------------------------------------------------------------
Mon Jan 22 16:39:27 CET 2007 - mc@suse.de
- krb5-devel should require keyutils-devel
-------------------------------------------------------------------
Mon Jan 22 12:19:49 CET 2007 - mc@suse.de
- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
- remove obsolete patches
-------------------------------------------------------------------
Wed Jan 10 11:16:30 CET 2007 - mc@suse.de
@ -8,12 +29,12 @@ Wed Jan 10 11:16:30 CET 2007 - mc@suse.de
- fix for
kadmind (via GSS-API mechglue) frees uninitialized pointers
(CVE-2006-6144)(Bug #225992)
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
-------------------------------------------------------------------
Tue Jan 2 14:53:33 CET 2007 - mc@suse.de
- Fix Requires in krb5-devel
- Fix Requires in krb5-devel
[Bug #231008]
-------------------------------------------------------------------

50
krb5.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5 (Version 1.5.1)
# spec file for package krb5 (Version 1.6)
#
# Copyright (c) 2007 SUSE LINUX Products GmbH, Nuernberg, Germany.
# This file and all modifications and additions to the pristine
@ -11,10 +11,13 @@
# norootforbuild
Name: krb5
Version: 1.5.1
Release: 28
Version: 1.6
Release: 4
BuildRequires: libcom_err
%define srcRoot krb5-1.5.1
%if %{suse_version} > 1010
BuildRequires: keyutils keyutils-devel
%endif
%define srcRoot krb5-1.6
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/%{name}
Provides: heimdal-lib
@ -23,7 +26,7 @@ Summary: MIT Kerberos5 Implementation--Libraries
License: X11/MIT
URL: http://web.mit.edu/kerberos/www/
Group: Productivity/Networking/Security
Source: krb5-1.5.1.tar.bz2
Source: krb5-1.6.tar.bz2
Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
@ -31,10 +34,8 @@ Source4: EncryptWithMasterKey.c
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.4-compile_pie.dif
Patch3: krb5-1.4-fix-segfault.dif
Patch4: krb5-1.5-MITKRB5-SA-2006-002-fix-code-exec.dif
Patch5: krb5-1.5-MITKRB5-SA-2006-003-fix-free-of-uninitialized-pointer.dif
Patch4: krb5-1.6-post.dif
Patch6: trunk-EncryptWithMasterKey.dif
Patch12: warning-fix-util-support.dif
Patch14: warning-fix-lib-crypto-des.dif
Patch15: warning-fix-lib-crypto-dk.dif
Patch16: warning-fix-lib-crypto.dif
@ -42,7 +43,11 @@ Patch17: warning-fix-lib-crypto-enc_provider.dif
Patch18: warning-fix-lib-crypto-yarrow_arcfour.dif
Patch20: kprop-use-mkstemp.dif
Patch21: krb5-1.5.1-fix-var-used-before-value-set.dif
Patch22: krb5-1.5.1-fix-strncat-warning.dif
Patch22: krb5-1.5.1-fix-ftp-var-used-uninitialized.dif
#Patch23: trunk-install-preauth-header.dif
Patch24: trunk-fix-strncat.dif
Patch25: krb5-1.6-fix-passwd-tcp.dif
Patch26: krb5-1.6-fix-sendto_kdc-memset.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch
@ -109,6 +114,9 @@ Summary: MIT Kerberos5 - Include Files and Libraries
Group: Development/Libraries/C and C++
PreReq: %{name} = %{version}
Requires: libcom_err
%if %{suse_version} > 1010
Requires: keyutils-devel
%endif
Provides: heimdal-tools-devel, heimdal-devel
Obsoletes: heimdal-tools-devel, heimdal-devel
@ -179,10 +187,8 @@ fi
%patch2
%patch3
%patch4
%patch5
%patch6
cd %{_builddir}/%{srcRoot}/src
%patch12
%patch14
%patch15
%patch16
@ -192,6 +198,10 @@ cd %{_builddir}/%{srcRoot}/src
cd -
%patch21
%patch22
#%patch23
%patch24
%patch25
%patch26
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
%build
@ -275,7 +285,6 @@ install -d -m 755 %{buildroot}/%{krb5docdir}
install -m 644 %{vendorFiles}/README.ConvertHeimdalMIT %{buildroot}/%{krb5docdir}/README.ConvertHeimdalMIT
install -m 744 %{vendorFiles}/heimdal2mit-DumpConvert.pl %{buildroot}/%{krb5docdir}/heimdal2mit-DumpConvert.pl
install -m 644 %{_builddir}/%{srcRoot}/README %{buildroot}/%{krb5docdir}/README
install -m 644 %{_builddir}/%{srcRoot}/doc/CHANGES %{buildroot}/%{krb5docdir}/CHANGES
install -m 744 %{vendorFiles}/simple_convert_krb5conf.pl %{buildroot}/%{krb5docdir}/simple_convert_krb5conf.pl
# cleanup
rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
@ -338,7 +347,6 @@ rm -rf %{buildroot}
%dir %{krb5docdir}
%attr(0700,root,root) %dir /var/log/krb5
%doc %{krb5docdir}/README
%doc %{krb5docdir}/CHANGES
%doc %{krb5docdir}/simple_convert_krb5conf.pl
%attr(0644,root,root) %config(noreplace) %{_sysconfdir}/krb5.conf
%attr(0644,root,root) %config /etc/profile.d/krb5*
@ -381,8 +389,6 @@ rm -rf %{buildroot}
/usr/lib/mit/sbin/EncryptWithMasterKey
%{_libdir}/krb5/plugins/kdb/*.so
%{_mandir}/man5/kdc.conf.5*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man8/sserver.8*
%{_mandir}/man8/kadmind.8*
%{_mandir}/man8/kadmin.local.8*
@ -420,6 +426,8 @@ rm -rf %{buildroot}
%{_mandir}/man1/klist.1*
%{_mandir}/man1/sclient.1*
%{_mandir}/man1/kerberos.1*
%{_mandir}/man5/krb5.conf.5*
%{_mandir}/man5/.k5login.5*
%{_mandir}/man8/kadmin.8*
%{_mandir}/man8/ktutil.8*
%{_mandir}/man8/k5srvutil.8*
@ -484,6 +492,18 @@ rm -rf %{buildroot}
%{_mandir}/man1/krb5-config.1*
%changelog -n krb5
* Tue Jan 23 2007 - mc@suse.de
- fix "local variable used before set" in ftp.c
[#237684]
* Mon Jan 22 2007 - mc@suse.de
- krb5-devel should require keyutils-devel
* Mon Jan 22 2007 - mc@suse.de
- update to version 1.6
* Major changes in 1.6 include
* Partial client implementation to handle server name referrals.
* Pre-authentication plug-in framework, donated by Red Hat.
* LDAP KDB plug-in, donated by Novell.
- remove obsolete patches
* Wed Jan 10 2007 - mc@suse.de
- fix for
kadmind (via RPC library) calls uninitialized function pointer

0
krb5-1.5.1-fix-strncat-warning.dif → trunk-fix-strncat.dif
View File

4
vendor-files.tar.bz2
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:365b0ed6435c553cd505d595c9f2709b676ae15be3acdb419e6e85a0ec6b91c8
size 185388
oid sha256:e8ce2440626a516d24a0baf133f3b5e461b384153dc78bfb59705d7001a8ff2e
size 185933

71
warning-fix-util-support.dif
View File

@ -1,71 +0,0 @@
# threads.c: In function 'krb5int_thread_support_init':
# threads.c:456: warning: implicit declaration of function 'krb5int_err_init'
# errors.c: In function 'krb5int_vset_error':
# errors.c:52: warning: passing argument 1 of 'free' discards qualifiers from pointer target type
# errors.c:59: warning: implicit declaration of function 'vasprintf'
# errors.c: In function 'krb5int_get_error':
# errors.c:76: warning: assignment discards qualifiers from pointer target type
# errors.c:80: warning: implicit declaration of function 'krb5int_call_thread_support_init'
# errors.c:120: warning: assignment discards qualifiers from pointer target type
# errors.c: In function 'krb5int_clear_error':
# errors.c:146: warning: passing argument 2 of 'krb5int_free_error' discards qualifiers from pointer target type
#
--- util/support/errors.c
+++ util/support/errors.c 2006/06/21 07:36:30
@@ -31,6 +31,9 @@
{
return k5_mutex_finish_init (&krb5int_error_info_support_mutex);
}
+
+extern int krb5int_call_thread_support_init(void);
+
#define initialize() krb5int_call_thread_support_init()
#define lock() k5_mutex_lock(&krb5int_error_info_support_mutex)
#define unlock() k5_mutex_unlock(&krb5int_error_info_support_mutex)
@@ -49,7 +52,7 @@
const char *fmt, va_list args)
{
if (ep->msg && ep->msg != ep->scratch_buf) {
- free (ep->msg);
+ free ((char*)ep->msg);
ep->msg = NULL;
}
ep->code = code;
@@ -73,7 +76,7 @@
if (code != ep->code)
krb5int_clear_error (ep);
if (ep->msg) {
- r = ep->msg;
+ r = (char*)ep->msg;
ep->msg = NULL;
return r;
}
@@ -117,7 +120,7 @@
sprintf (ep->scratch_buf, _("error %ld"), code);
return ep->scratch_buf;
}
- r = fptr(code);
+ r = (char*)fptr(code);
if (r == NULL) {
unlock();
goto format_number;
@@ -143,7 +146,7 @@
void
krb5int_clear_error (struct errinfo *ep)
{
- krb5int_free_error (ep, ep->msg);
+ krb5int_free_error (ep, (char*)ep->msg);
ep->msg = NULL;
}
--- util/support/threads.c
+++ util/support/threads.c 2006/06/21 07:25:22
@@ -36,6 +36,8 @@
MAKE_INIT_FUNCTION(krb5int_thread_support_init);
MAKE_FINI_FUNCTION(krb5int_thread_support_fini);
+extern int krb5int_err_init(void);
+
#ifndef ENABLE_THREADS /* no thread support */
static void (*destructors[K5_KEY_MAX])(void *);