rpm/krb5
SHA256
1
0
Fork 0
forked from pool/krb5
Code Pull Requests Activity

Accepting request 79466 from home:mcalmer:branches:network

Browse Source 
- add patches from Fedora and upstream 
- fix init scripts (bnc#689006)

- update to version 1.9.1
  * obsolete patches:
    MITKRB5-SA-2010-007-1.8.dif
    krb5-1.8-MITKRB5-SA-2010-006.dif
    krb5-1.8-MITKRB5-SA-2011-001.dif
    krb5-1.8-MITKRB5-SA-2011-002.dif
    krb5-1.8-MITKRB5-SA-2011-003.dif
    krb5-1.8-MITKRB5-SA-2011-004.dif
    krb5-1.4.3-enospc.dif
  * replace krb5-1.6.1-compile_pie.dif

- fix init scripts (bnc#689006)

OBS-URL: https://build.opensuse.org/request/show/79466
OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=46
This commit is contained in:
Michael Calmer 2011-08-22 08:19:13 +00:00 committed by Git OBS Bridge
parent c4923edfdd
commit da75d9099c
6 changed files with 69 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
krb5-mini.changes
View File

@ -1,4 +1,23 @@
-------------------------------------------------------------------
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com
- add patches from Fedora and upstream
- fix init scripts (bnc#689006)
-------------------------------------------------------------------
Fri Aug 19 15:48:35 UTC 2011 - mc@novell.com
- update to version 1.9.1
* obsolete patches:
MITKRB5-SA-2010-007-1.8.dif
krb5-1.8-MITKRB5-SA-2010-006.dif
krb5-1.8-MITKRB5-SA-2011-001.dif
krb5-1.8-MITKRB5-SA-2011-002.dif
krb5-1.8-MITKRB5-SA-2011-003.dif
krb5-1.8-MITKRB5-SA-2011-004.dif
krb5-1.4.3-enospc.dif
* replace krb5-1.6.1-compile_pie.dif
-------------------------------------------------------------------
Thu Apr 14 11:33:18 CEST 2011 - mc@suse.de
- fix kadmind invalid pointer free()

73
krb5-mini.spec
View File

@ -1,5 +1,5 @@
#
# spec file for package krb5-mini
# spec file for package krb5
#
# Copyright (c) 2011 SUSE LINUX Products GmbH, Nuernberg, Germany.
#
@ -18,7 +18,7 @@
# norootforbuild
%define build_mini 1
%define srcRoot krb5-1.8.3
%define srcRoot krb5-1.9.1
%define vendorFiles %{_builddir}/%{srcRoot}/vendor-files/
%define krb5docdir %{_defaultdocdir}/krb5
@ -27,10 +27,12 @@ License: MIT License (or similar)
Url: http://web.mit.edu/kerberos/www/
BuildRequires: bison libcom_err-devel ncurses-devel
BuildRequires: keyutils keyutils-devel
Version: 1.8.3
Release: 6
BuildRequires: libselinux-devel
Version: 1.9.1
Release: 19
%if ! 0%{?build_mini}
BuildRequires: libopenssl-devel openldap2-devel
BuildRequires: pam-devel
# bug437293
%ifarch ppc64
Obsoletes: krb5-64bit
@ -42,25 +44,33 @@ Group: Productivity/Networking/Security
Summary: MIT Kerberos5 Implementation--Libraries
Group: Productivity/Networking/Security
%endif
Source: krb5-1.8.3.tar.bz2
Source: krb5-1.9.1.tar.bz2
Source1: vendor-files.tar.bz2
Source2: baselibs.conf
Source5: krb5-%{version}-rpmlintrc
Source10: krb5-1.7-manpaths.txt
Patch1: krb5-1.6.1-compile_pie.dif
Patch2: krb5-1.6.3-kprop-use-mkstemp.dif
Patch3: krb5-1.7-manpaths.dif
Patch4: krb5-1.4.3-enospc.dif
Source5: krb5-rpmlintrc
Source10: krb5-1.8-manpaths.txt
Patch1: krb5-1.9-buildconf.patch
Patch3: krb5-1.9-manpaths.dif
Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch6: krb5-1.6.3-kpasswd_tcp.patch
Patch7: krb5-1.6.3-ktutil-manpage.dif
Patch8: krb5-1.6.3-fix-ipv6-query.dif
Patch12: krb5-1.8-MITKRB5-SA-2010-006.dif
Patch13: MITKRB5-SA-2010-007-1.8.dif
Patch14: krb5-1.8-MITKRB5-SA-2011-001.dif
Patch15: krb5-1.8-MITKRB5-SA-2011-002.dif
Patch16: krb5-1.8-MITKRB5-SA-2011-003.dif
Patch17: krb5-1.8-MITKRB5-SA-2011-004.dif
Patch10: krb5-1.7-doublelog.patch
Patch11: krb5-1.7-nodeplibs.patch
Patch12: krb5-1.8-api.patch
Patch13: krb5-1.8-pam.patch
Patch14: krb5-1.9.1-ai_addrconfig.patch
Patch15: krb5-1.9.1-ai_addrconfig2.patch
Patch16: krb5-1.9.1-sendto_poll.patch
Patch17: krb5-1.9-canonicalize-fallback.patch
Patch18: krb5-1.9-kprop-mktemp.patch
Patch19: krb5-1.9-ksu-path.patch
Patch20: krb5-1.9-paren.patch
Patch21: krb5-1.9-selinux-label.patch
Patch22: krb5-klist_s.patch
Patch23: krb5-pkinit-cms2.patch
Patch24: krb5-trunk-chpw-err.patch
Patch25: krb5-trunk-gss_delete_sec.patch
Patch26: krb5-trunk-kadmin-oldproto.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-build
PreReq: mktemp, grep, /bin/touch, coreutils
PreReq: %insserv_prereq %fillup_prereq
@ -200,20 +210,28 @@ Authors:
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
%patch1
%patch2
%patch13 -p1
%patch3 -p1
%patch4 -p1
%patch21 -p1
%patch1 -p1
%patch5 -p1
%patch6
%patch7 -p1
%patch8 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1
%patch13 -p1
%patch14 -p1
%patch15 -p0
%patch16 -p1
%patch14
%patch15
%patch16
%patch17 -p1
%patch18 -p1
%patch19 -p1
%patch20 -p1
%patch22 -p1
%patch23 -p1
%patch24
%patch25 -p1
%patch26
# Rename the man pages so that they'll get generated correctly.
pushd src
cat %{SOURCE10} | while read manpage ; do
@ -242,6 +260,9 @@ CFLAGS="$RPM_OPT_FLAGS -I/usr/include/et -fno-strict-aliasing -D_GNU_SOURCE -fPI
--disable-rpath \
%if ! %{build_mini}
--with-ldap \
--with-pam \
--enable-pkinit \
--with-selinux \
%else
--disable-pkinit \
%endif

233
krb5-trunk-kpasswd_tcp2.patch
View File

@ -1,233 +0,0 @@
Use a list of disconnected and connected sockets to talk to kpasswd
servers, so we automatically try TCP if we fail to change the password
UDP, or if the UDP-based server is just slow.
This patch looks big, but most of it's actually whitespace because
most of the logic is no longer called as part of a loop with UDP and
TCP being used in different iterations. RT #5868.
Index: src/lib/krb5/os/changepw.c
===================================================================
--- src/lib/krb5/os/changepw.c (revision 20199)
+++ src/lib/krb5/os/changepw.c (working copy)
@@ -199,14 +199,14 @@
krb5_address remote_kaddr;
krb5_boolean useTcp = 0;
GETSOCKNAME_ARG3_TYPE addrlen;
- krb5_error_code code = 0;
+ krb5_error_code code = 0, code2 = 0;
char *code_string;
- int local_result_code;
+ int local_result_code, i;
struct sendto_callback_context callback_ctx;
struct sendto_callback_info callback_info;
struct sockaddr_storage remote_addr;
- struct addrlist al = ADDRLIST_INIT;
+ struct addrlist al = ADDRLIST_INIT, al2 = ADDRLIST_INIT;
memset( &callback_ctx, 0, sizeof(struct sendto_callback_context));
callback_ctx.context = context;
@@ -225,109 +225,104 @@
&callback_ctx.ap_req)))
goto cleanup;
- do {
- if ((code = krb5_locate_kpasswd(callback_ctx.context,
- krb5_princ_realm(callback_ctx.context,
- creds->server),
- &al, useTcp)))
- break;
-
+ code = krb5_locate_kpasswd(callback_ctx.context,
+ krb5_princ_realm(callback_ctx.context,
+ creds->server),
+ &al, useTcp);
+ code2 = krb5_locate_kpasswd(callback_ctx.context,
+ krb5_princ_realm(callback_ctx.context,
+ creds->server),
+ &al2, !useTcp);
+ if ((al.naddrs + al2.naddrs) == 0) {
+ if (!code)
+ code = code2 ? code2 : KRB5_REALM_CANT_RESOLVE;
+ goto cleanup;
+ }
+
+ if (al2.naddrs > 0) {
+ if (krb5int_grow_addrlist(&al, al2.naddrs))
+ goto cleanup;
+ for (i = 0; i < al2.naddrs; i++)
+ al.addrs[al.naddrs++] = al2.addrs[i];
+ al2.naddrs = 0;
+ }
+
- addrlen = sizeof(remote_addr);
-
- callback_info.context = (void*) &callback_ctx;
- callback_info.pfn_callback = kpasswd_sendto_msg_callback;
- callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
-
- if ((code = krb5int_sendto(callback_ctx.context,
- NULL,
- &al,
- &callback_info,
- &chpw_rep,
- NULL,
- NULL,
- ss2sa(&remote_addr),
- &addrlen,
- NULL,
- NULL,
- NULL
- ))) {
-
- /*
- * Here we may want to switch to TCP on some errors.
- * right?
- */
- break;
- }
-
+ addrlen = sizeof(remote_addr);
+
+ callback_info.context = (void*) &callback_ctx;
+ callback_info.pfn_callback = kpasswd_sendto_msg_callback;
+ callback_info.pfn_cleanup = kpasswd_sendto_msg_cleanup;
+
+ if ((code = krb5int_sendto(callback_ctx.context,
+ NULL,
+ &al,
+ &callback_info,
+ &chpw_rep,
+ NULL,
+ NULL,
+ ss2sa(&remote_addr),
+ &addrlen,
+ NULL,
+ NULL,
+ NULL
+ )))
+ goto cleanup;
+
- remote_kaddr.addrtype = ADDRTYPE_INET;
- remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
- remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
-
- if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
- callback_ctx.auth_context,
- NULL,
- &remote_kaddr)))
- break;
-
+ remote_kaddr.addrtype = ADDRTYPE_INET;
+ remote_kaddr.length = sizeof(ss2sin(&remote_addr)->sin_addr);
+ remote_kaddr.contents = (krb5_octet *) &ss2sin(&remote_addr)->sin_addr;
+
+ if ((code = krb5_auth_con_setaddrs(callback_ctx.context,
+ callback_ctx.auth_context,
+ NULL,
+ &remote_kaddr)))
+ goto cleanup;
+
- if (set_password_for)
- code = krb5int_rd_setpw_rep(callback_ctx.context,
- callback_ctx.auth_context,
- &chpw_rep,
- &local_result_code,
- result_string);
- else
- code = krb5int_rd_chpw_rep(callback_ctx.context,
- callback_ctx.auth_context,
- &chpw_rep,
- &local_result_code,
- result_string);
-
- if (code) {
- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
- krb5int_free_addrlist (&al);
- useTcp = 1;
- continue;
- }
-
- break;
- }
-
- if (result_code)
- *result_code = local_result_code;
-
+ if (set_password_for)
+ code = krb5int_rd_setpw_rep(callback_ctx.context,
+ callback_ctx.auth_context,
+ &chpw_rep,
+ &local_result_code,
+ result_string);
+ else
+ code = krb5int_rd_chpw_rep(callback_ctx.context,
+ callback_ctx.auth_context,
+ &chpw_rep,
+ &local_result_code,
+ result_string);
+
+ if (code)
+ goto cleanup;
+
+ if (result_code)
+ *result_code = local_result_code;
+
- if (result_code_string) {
- if (set_password_for)
- code = krb5int_setpw_result_code_string(callback_ctx.context,
- local_result_code,
- (const char **)&code_string);
- else
- code = krb5_chpw_result_code_string(callback_ctx.context,
- local_result_code,
- &code_string);
- if(code)
- goto cleanup;
-
- result_code_string->length = strlen(code_string);
- result_code_string->data = malloc(result_code_string->length);
- if (result_code_string->data == NULL) {
- code = ENOMEM;
- goto cleanup;
- }
- strncpy(result_code_string->data, code_string, result_code_string->length);
- }
-
- if (code == KRB5KRB_ERR_RESPONSE_TOO_BIG && !useTcp ) {
- krb5int_free_addrlist (&al);
- useTcp = 1;
- } else {
- break;
- }
- } while (TRUE);
+ if (result_code_string) {
+ if (set_password_for)
+ code = krb5int_setpw_result_code_string(callback_ctx.context,
+ local_result_code,
+ (const char **) &code_string);
+ else
+ code = krb5_chpw_result_code_string(callback_ctx.context,
+ local_result_code,
+ &code_string);
+ if (code)
+ goto cleanup;
+
+ result_code_string->length = strlen(code_string);
+ result_code_string->data = malloc(result_code_string->length);
+ if (result_code_string->data == NULL) {
+ code = ENOMEM;
+ goto cleanup;
+ }
+ strncpy(result_code_string->data, code_string, result_code_string->length);
+ }
cleanup:
if (callback_ctx.auth_context != NULL)
krb5_auth_con_free(callback_ctx.context, callback_ctx.auth_context);
+ krb5int_free_addrlist (&al2);
krb5int_free_addrlist (&al);
krb5_free_data_contents(callback_ctx.context, &callback_ctx.ap_req);

1
krb5.changes
View File

@ -2,6 +2,7 @@
Sun Aug 21 09:37:01 UTC 2011 - mc@novell.com
- add patches from Fedora and upstream
- fix init scripts (bnc#689006)
-------------------------------------------------------------------
Fri Aug 19 15:48:35 UTC 2011 - mc@novell.com

4
krb5.spec
View File

@ -50,12 +50,10 @@ Source2: baselibs.conf
Source5: krb5-rpmlintrc
Source10: krb5-1.8-manpaths.txt
Patch1: krb5-1.9-buildconf.patch
#Patch2: krb5-1.6.3-kprop-use-mkstemp.dif
Patch3: krb5-1.9-manpaths.dif
Patch5: krb5-1.6.3-gssapi_improve_errormessages.dif
Patch6: krb5-1.6.3-kpasswd_tcp.patch
Patch7: krb5-1.6.3-ktutil-manpage.dif
#Patch8: krb5-1.6.3-fix-ipv6-query.dif
Patch10: krb5-1.7-doublelog.patch
Patch11: krb5-1.7-nodeplibs.patch
Patch12: krb5-1.8-api.patch
@ -212,7 +210,6 @@ Authors:
%prep
%setup -q -n %{srcRoot}
%setup -a 1 -T -D -n %{srcRoot}
#%patch2
%patch13 -p1
%patch3 -p1
%patch21 -p1
@ -220,7 +217,6 @@ Authors:
%patch5 -p1
%patch6
%patch7 -p1
#%patch8 -p1
%patch10 -p1
%patch11 -p1
%patch12 -p1

4
vendor-files.tar.bz2
View File

@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:7d61e2ba73a57830342b6bb32c7c0ee3c0bd84cf2ae865c86d7f28dd0edc62c5
size 182064
oid sha256:f3ddbe33faa51dc418985ce06509394c23144a7eb3ddaae495f70a28203ad31a
size 182094