rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/krb5?expand=0&rev=34

Browse Source
This commit is contained in:
OBS User unknown 2008-06-23 02:16:38 +00:00 committed by Git OBS Bridge
parent 7a79e440be
commit 7128383f1b
13 changed files with 239 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
krb5-1.4-fix-segfault.dif
View File

@ -1,5 +1,7 @@
--- src/lib/krb5/krb/princ_comp.c 2002-09-02 21:13:46.000000000 -0400
+++ src/lib/krb5/krb/princ_comp.c 2005-06-29 13:56:55.000000000 -0400
Index: src/lib/krb5/krb/princ_comp.c
===================================================================
--- src/lib/krb5/krb/princ_comp.c.orig
+++ src/lib/krb5/krb/princ_comp.c
@@ -33,6 +33,13 @@
krb5_boolean KRB5_CALLCONV
krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
@ -12,9 +14,9 @@
+ return FALSE;
+
if (krb5_princ_realm(context, princ1)->length !=
krb5_princ_realm(context, princ2)->length ||
memcmp (krb5_princ_realm(context, princ1)->data,
@@ -49,6 +56,9 @@
krb5_princ_realm(context, princ2)->length ||
memcmp (krb5_princ_realm(context, princ1)->data,
@@ -49,6 +56,9 @@ krb5_principal_compare(krb5_context cont
register int i;
krb5_int32 nelem;
@ -23,4 +25,4 @@
+
nelem = krb5_princ_size(context, princ1);
if (nelem != krb5_princ_size(context, princ2))
return FALSE;
return FALSE;

1
krb5-1.6.1-rpmlintrc
View File

@ -1 +0,0 @@
addFilter("krb5 devel-file-in-non-devel-package .*/usr/lib/libgssapi_krb5.so")

111
krb5-1.6.3-case-insensitive.dif Normal file
View File

@ -0,0 +1,111 @@
Index: src/include/k5-int.h
===================================================================
--- src/include/k5-int.h.orig
+++ src/include/k5-int.h
@@ -1253,6 +1253,11 @@ struct _krb5_context {
#define KRB5_LIBOPT_SYNC_KDCTIME 0x0001
+#ifdef __CI_PRINC__
+#define KRB5_LIBOPT_CASE_INSENSITIVE 0x0002
+#define KRB5_LIBOPT_RD_REQ_TRY_HOST_SPN 0x0004
+#endif
+
/* internal message representations */
typedef struct _krb5_safe {
Index: src/lib/krb5/krb/init_ctx.c
===================================================================
--- src/lib/krb5/krb/init_ctx.c.orig
+++ src/lib/krb5/krb/init_ctx.c
@@ -222,6 +222,16 @@ init_common (krb5_context *context, krb5
&tmp);
ctx->library_options = tmp ? KRB5_LIBOPT_SYNC_KDCTIME : 0;
+#ifdef __CI_PRINC__
+#define DEFAULT_CASE_SENSITIVE 1
+ profile_get_boolean(ctx->profile, "libdefaults",
+ "case_sensitive", 0, DEFAULT_CASE_SENSITIVE,
+ &tmp);
+ if (tmp == 0)
+ ctx->library_options |= KRB5_LIBOPT_CASE_INSENSITIVE;
+
+#endif /* __CI_PRINC__ */
+
/*
* We use a default file credentials cache of 3. See
* lib/krb5/krb/ccache/file/fcc.h for a description of the
Index: src/lib/krb5/krb/princ_comp.c
===================================================================
--- src/lib/krb5/krb/princ_comp.c.orig
+++ src/lib/krb5/krb/princ_comp.c
@@ -33,13 +33,35 @@
krb5_boolean KRB5_CALLCONV
krb5_realm_compare(krb5_context context, krb5_const_principal princ1, krb5_const_principal princ2)
{
+ krb5_boolean ret;
+
if ((princ1 == NULL) || (princ2 == NULL))
return FALSE;
if ((krb5_princ_realm(context, princ1) == NULL) ||
(krb5_princ_realm(context, princ2) == NULL))
return FALSE;
+#ifdef __CI_PRINC__
+ /* XXX this needs to be Unicode-aware */
+
+ if (krb5_princ_realm(context, princ1)->length !=
+ krb5_princ_realm(context, princ2)->length) {
+ /* NB this test won't be necessarily correct for UTF-8 */
+ return FALSE;
+ }
+
+ if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE) {
+ ret = (strncasecmp (krb5_princ_realm(context, princ1)->data,
+ krb5_princ_realm(context, princ2)->data,
+ krb5_princ_realm(context, princ2)->length) == 0);
+ } else {
+ ret = (memcmp (krb5_princ_realm(context, princ1)->data,
+ krb5_princ_realm(context, princ2)->data,
+ krb5_princ_realm(context, princ2)->length) == 0);
+ }
+ return ret;
+#else
if (krb5_princ_realm(context, princ1)->length !=
krb5_princ_realm(context, princ2)->length ||
memcmp (krb5_princ_realm(context, princ1)->data,
@@ -48,6 +70,7 @@ krb5_realm_compare(krb5_context context,
return FALSE;
return TRUE;
+#endif /* __CI_PRINC__ */
}
krb5_boolean KRB5_CALLCONV
@@ -69,9 +92,25 @@ krb5_principal_compare(krb5_context cont
for (i = 0; i < (int) nelem; i++) {
register const krb5_data *p1 = krb5_princ_component(context, princ1, i);
register const krb5_data *p2 = krb5_princ_component(context, princ2, i);
+#ifdef __CI_PRINC__
+ /* XXX this needs to be Unicode-aware */
+ krb5_boolean ret;
+
+ if (p1->length != p2->length)
+ return FALSE;
+
+ if (context->library_options & KRB5_LIBOPT_CASE_INSENSITIVE)
+ ret = (strncasecmp(p1->data, p2->data, p1->length) == 0);
+ else
+ ret = (memcmp(p1->data, p2->data, p1->length) == 0);
+
+ if (ret == FALSE)
+ return ret;
+#else
if (p1->length != p2->length ||
memcmp(p1->data, p2->data, p1->length))
return FALSE;
+#endif /* __CI_PRINC__ */
}
return TRUE;
}

22
krb5-1.6.3-ktutil-manpage.dif Normal file
View File

@ -0,0 +1,22 @@
Index: krb5-1.6.3/src/kadmin/ktutil/ktutil.M
===================================================================
--- krb5-1.6.3.orig/src/kadmin/ktutil/ktutil.M
+++ krb5-1.6.3/src/kadmin/ktutil/ktutil.M
@@ -63,5 +63,17 @@ Quits
Aliases:
.BR exit ,
.BR q .
+.SH REMARKS
+Changes to the keytab are appended to the keytab file (i.e., the keytab file
+is never overwritten). To directly modify a keytab, save the changes to a
+temporary file and then overwrite the keytab file of interest.
+.TP
+.nf
+Example:
+ktutil> rkt /etc/krb5.keytab
+(modifications to keytab)
+ktutil> wkt /tmp/krb5.newtab
+ktutil> q
+# mv /tmp/krb5.newtab /etc/krb5.keytab
.SH SEE ALSO
kadmin(8), kdb5_util(8)

2
krb5-1.6.3-rpmlintrc Normal file
View File

@ -0,0 +1,2 @@
addFilter("devel-file-in-non-devel-package .*libgssapi_krb5.so")
addFilter("hidden-file-or-dir .*/usr/share/man/man5/.k5login.5.gz")

2
krb5-doc-1.6.3-rpmlintrc Normal file
View File

@ -0,0 +1,2 @@
addFilter("files-duplicate .*css")
addFilter("files-duplicate .*img.*png")

5
krb5-doc.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Jun 18 15:34:16 CEST 2008 - mc@suse.de
- reduce rpmlint warnings
-------------------------------------------------------------------
Tue Oct 23 10:29:23 CEST 2007 - mc@suse.de

46
krb5-doc.spec
View File

@ -14,7 +14,7 @@
Name: krb5-doc
BuildRequires: ghostscript-library latex2html texlive
Version: 1.6.3
Release: 77
Release: 84
%define srcRoot krb5-1.6.3
Summary: MIT Kerberos5 Implementation--Documentation
License: X11/MIT
@ -23,6 +23,7 @@ Group: Documentation/Other
Source: krb5-1.6.3.tar.bz2
Source1: README.Source
Source2: Makefile.kadm5
Source3: %{name}-%{version}-rpmlintrc
Patch0: krb5-1.3.5-perlfix.dif
Patch1: krb5-1.6.3-texi2dvi-fix.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
@ -52,7 +53,6 @@ cp %{_sourcedir}/Makefile.kadm5 %{_builddir}/%{srcRoot}/doc/kadm5/Makefile
%build
%install
rm -rf %{buildroot}
cd doc
mkdir -p html
make
@ -80,6 +80,46 @@ rm -f %{buildroot}/usr/share/man/man1/tmac.doc*
rm -f /usr/share/man/man1/tmac.doc*
rm -rf /usr/lib/mit/share
rm -rf %{buildroot}/usr/lib/mit/share
rm -f doc/html/*/WARNINGS
rm -f doc/html/*/images.aux
rm -f doc/html/*/labels.pl
# check for duplicate files and replace them with a link
cd doc/html/api-funcspec
if cmp --quiet api-funcspec.html index.html ; then
rm -f index.html
ln -s api-funcspec.html index.html
fi
cd ../library
if cmp --quiet library.html index.html ; then
rm -f index.html
ln -s library.html index.html
fi
cd ../api-server-design
if cmp --quiet api-server-design.html index.html ; then
rm -f index.html
ln -s api-server-design.html index.html
fi
cd ../adb-unit-test
if cmp --quiet adb-unit-test.html index.html ; then
rm -f index.html
ln -s adb-unit-test.html index.html
fi
cd ../api-unit-test
if cmp --quiet api-unit-test.html index.html ; then
rm -f index.html
ln -s api-unit-test.html index.html
fi
cd ../libdes
if cmp --quiet libdes.html index.html ; then
rm -f index.html
ln -s libdes.html index.html
fi
cd ../implement
if cmp --quiet implement.html index.html ; then
rm -f index.html
ln -s implement.html index.html
fi
cd ../..
%clean
rm -rf %{buildroot}
@ -91,6 +131,8 @@ rm -rf %{buildroot}
%doc doc/html
%changelog
* Wed Jun 18 2008 mc@suse.de
- reduce rpmlint warnings
* Tue Oct 23 2007 mc@suse.de
- update to krb5 version 1.6.3
* fix CVE-2007-3999, CVE-2007-4743 svc_auth_gss.c buffer overflow

2
krb5-plugins-1.6.3-rpmlintrc Normal file
View File

@ -0,0 +1,2 @@
addFilter("devel-file-in-non-devel-package .*libkdb_ldap.so")
addFilter("shlib-policy-missing-suffix")

5
krb5-plugins.changes
View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Wed Jun 18 15:33:18 CEST 2008 - mc@suse.de
- reduce rpmlint warnings
-------------------------------------------------------------------
Tue Dec 4 16:36:43 CET 2007 - mc@suse.de

19
krb5-plugins.spec
View File

@ -14,7 +14,7 @@
Name: krb5-plugins
Version: 1.6.3
Release: 8
Release: 10
BuildRequires: bison krb5-devel ncurses-devel openldap2-devel
%define srcRoot krb5-1.6.3
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
@ -29,6 +29,7 @@ Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Source5: %{name}-%{version}-rpmlintrc
Source10: krb5-trunk-manpaths.txt
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.6.1-compile_pie.dif
@ -57,6 +58,8 @@ Patch39: krb5-1.6-MITKRB5-SA-2008-001.dif
Patch40: krb5-1.6-MITKRB5-SA-2008-002.dif
Patch41: krb5-trunk-kpasswd_tcp.patch
Patch42: krb5-trunk-seqnum.patch
Patch43: krb5-1.6.3-case-insensitive.dif
Patch44: krb5-1.6.3-ktutil-manpage.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
%description
@ -152,6 +155,8 @@ fi
%patch40
%patch41
%patch42
%patch43
%patch44 -p1
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
# Rename the man pages so that they'll get generated correctly.
pushd src
@ -164,7 +169,7 @@ popd
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -I/usr/include -I%{_builddir}/%{srcRoot}/src/lib/ -fno-strict-aliasing -D_GNU_SOURCE -fPIC " \
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -I/usr/include -I%{_builddir}/%{srcRoot}/src/lib/ -fno-strict-aliasing -D_GNU_SOURCE -D__CI_PRINC__ -fPIC " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
@ -232,11 +237,11 @@ rm -rf %{buildroot}/usr/lib/mit/share
# krb5 pre/post/postun
#####################################################
%post -n krb5-plugin-kdb-ldap
%run_ldconfig
%post -n krb5-plugin-kdb-ldap
/sbin/ldconfig
%postun -n krb5-plugin-kdb-ldap
%run_ldconfig
%postun -n krb5-plugin-kdb-ldap
/sbin/ldconfig
%clean
rm -rf %{buildroot}
@ -266,6 +271,8 @@ rm -rf %{buildroot}
%{_libdir}/krb5/plugins/preauth/pkinit.so
%changelog
* Wed Jun 18 2008 mc@suse.de
- reduce rpmlint warnings
* Tue Dec 04 2007 mc@suse.de
- improve GSSAPI error messages
* Tue Oct 23 2007 mc@suse.de

7
krb5.changes
View File

@ -1,3 +1,10 @@
-------------------------------------------------------------------
Wed Jun 18 15:30:18 CEST 2008 - mc@suse.de
- add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings
-------------------------------------------------------------------
Wed May 14 17:44:59 CEST 2008 - mc@suse.de

26
krb5.spec
View File

@ -13,7 +13,7 @@
Name: krb5
Version: 1.6.3
Release: 47
Release: 52
BuildRequires: bison libcom_err-devel ncurses-devel
%if %{suse_version} > 1010
BuildRequires: keyutils keyutils-devel
@ -32,7 +32,7 @@ Source1: vendor-files.tar.bz2
Source2: README.Source
Source3: spx.c
Source4: EncryptWithMasterKey.c
Source5: krb5-1.6.1-rpmlintrc
Source5: %{name}-%{version}-rpmlintrc
Source10: krb5-trunk-manpaths.txt
Patch1: krb5-1.5.1-fix-too-few-arguments.dif
Patch2: krb5-1.6.1-compile_pie.dif
@ -61,8 +61,11 @@ Patch39: krb5-1.6-MITKRB5-SA-2008-001.dif
Patch40: krb5-1.6-MITKRB5-SA-2008-002.dif
Patch41: krb5-trunk-kpasswd_tcp.patch
Patch42: krb5-trunk-seqnum.patch
Patch43: krb5-1.6.3-case-insensitive.dif
Patch44: krb5-1.6.3-ktutil-manpage.dif
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
%description
Kerberos V5 is a trusted-third-party network authentication system,
@ -107,6 +110,7 @@ Group: Productivity/Networking/Security
Provides: heimdal
Obsoletes: heimdal
Requires: perl-Date-Calc
Requires: logrotate cron
PreReq: %insserv_prereq %fillup_prereq
%description server
@ -228,6 +232,8 @@ fi
%patch40
%patch41
%patch42
%patch43
%patch44 -p1
cp %{_sourcedir}/EncryptWithMasterKey.c %{_builddir}/%{srcRoot}/src/kadmin/dbutil/EncryptWithMasterKey.c
# Rename the man pages so that they'll get generated correctly.
pushd src
@ -240,7 +246,7 @@ popd
cd src
%{?suse_update_config:%{suse_update_config -f}}
./util/reconf
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPIC " \
CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -D__CI_PRINC__ -fPIC " \
./configure \
--prefix=/usr/lib/mit \
--sysconfdir=%{_sysconfdir} \
@ -354,8 +360,8 @@ then
fi
fi
%post
%run_ldconfig
%post
/sbin/ldconfig
if [ -e var/adm/fillup-templates/heimdal-update ]
then
/usr/lib/mit/helper/simple_convert_krb5conf.pl
@ -367,8 +373,8 @@ then
mv etc/krb5.conf.rpmnew etc/krb5.conf
fi
%postun
%run_ldconfig
%postun
/sbin/ldconfig
#####################################################
# krb5-server preun/postun
#####################################################
@ -546,6 +552,10 @@ rm -rf %{buildroot}
%{_mandir}/man1/krb5-config.1*
%changelog
* Wed Jun 18 2008 mc@suse.de
- add case-insensitive.dif (FATE#300771)
- minor fixes for ktutil man page
- reduce rpmlint warnings
* Wed May 14 2008 mc@suse.de
- Fall back to TCP on kdc-unresolvable/unreachable errors.
- restore valid sequence number before generating requests