84f939323f
obsolte patches: * krb5-1.7-nodeplibs.patch * krb5-1.9.1-ai_addrconfig.patch * krb5-1.9.1-ai_addrconfig2.patch * krb5-1.9.1-sendto_poll.patch * krb5-1.9-canonicalize-fallback.patch * krb5-1.9-paren.patch * krb5-klist_s.patch * krb5-pkinit-cms2.patch * krb5-trunk-chpw-err.patch * krb5-trunk-gss_delete_sec.patch * krb5-trunk-kadmin-oldproto.patch * krb5-1.9-MITKRB5-SA-2011-006.dif * krb5-1.9-gss_display_status-iakerb.patch * krb5-1.9.1-sendto_poll2.patch * krb5-1.9.1-sendto_poll3.patch * krb5-1.9-MITKRB5-SA-2011-007.dif - Fix an interop issue with Windows Server 2008 R2 Read-Only Domain Controllers. - Update a workaround for a glibc bug that would cause DNS PTR queries to occur even when rdns = false. - Fix a kadmind denial of service issue (null pointer dereference), which could only be triggered by an administrator with the "create" privilege. [CVE-2012-1013] - Fix access controls for KDB string attributes [CVE-2012-1012] - Make the ASN.1 encoding of key version numbers interoperate with Windows Read-Only Domain Controllers - Avoid generating spurious password expiry warnings in cases where the KDC sends an account expiry time without a password expiry time OBS-URL: https://build.opensuse.org/package/show/network/krb5?expand=0&rev=65
209 lines
7.9 KiB
Plaintext
209 lines
7.9 KiB
Plaintext
Change the absolute paths included in the man pages so that the correct
|
|
values can be dropped in by config.status. After applying this patch,
|
|
these files should be renamed to their ".in" counterparts, and then the
|
|
configure scripts should be rebuilt. Originally RT#6525
|
|
|
|
Index: krb5-1.10.2/src/aclocal.m4
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/aclocal.m4
|
|
+++ krb5-1.10.2/src/aclocal.m4
|
|
@@ -1743,3 +1743,24 @@ AC_SUBST(PAM_LIBS)
|
|
AC_SUBST(PAM_MAN)
|
|
AC_SUBST(NON_PAM_MAN)
|
|
])dnl
|
|
+AC_DEFUN(V5_AC_OUTPUT_MANPAGE,[
|
|
+mansysconfdir=$sysconfdir
|
|
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$prefix,g"`
|
|
+mansysconfdir=`eval echo $mansysconfdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+mansbindir=$sbindir
|
|
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$exec_prefix,g"`
|
|
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$prefix,g"`
|
|
+mansbindir=`eval echo $mansbindir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+manlocalstatedir=$localstatedir
|
|
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$prefix,g"`
|
|
+manlocalstatedir=`eval echo $manlocalstatedir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+manlibexecdir=$libexecdir
|
|
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$exec_prefix,g"`
|
|
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$prefix,g"`
|
|
+manlibexecdir=`eval echo $manlibexecdir | sed -e "s,NONE,$ac_default_prefix,g"`
|
|
+AC_SUBST(mansysconfdir)
|
|
+AC_SUBST(mansbindir)
|
|
+AC_SUBST(manlocalstatedir)
|
|
+AC_SUBST(manlibexecdir)
|
|
+AC_CONFIG_FILES($1)
|
|
+])
|
|
Index: krb5-1.10.2/src/configure.in
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/configure.in
|
|
+++ krb5-1.10.2/src/configure.in
|
|
@@ -1249,6 +1249,17 @@ AC_SUBST(localedir)
|
|
KRB5_WITH_PAM
|
|
|
|
AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config])
|
|
+
|
|
+V5_AC_OUTPUT_MANPAGE([
|
|
+ appl/sample/sserver/sserver.M
|
|
+ config-files/kdc.conf.M
|
|
+ config-files/krb5.conf.M
|
|
+ gen-manpages/kerberos.M
|
|
+ kadmin/cli/kadmin.M
|
|
+ slave/kpropd.M
|
|
+ slave/kprop.M
|
|
+])
|
|
+
|
|
V5_AC_OUTPUT_MAKEFILE(.
|
|
|
|
util util/support util/profile util/profile/testmod util/send-pr
|
|
Index: krb5-1.10.2/src/appl/sample/sserver/sserver.M
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/appl/sample/sserver/sserver.M
|
|
+++ krb5-1.10.2/src/appl/sample/sserver/sserver.M
|
|
@@ -59,7 +59,7 @@ option allows for a different keytab tha
|
|
using a line in
|
|
/etc/inetd.conf that looks like this:
|
|
.PP
|
|
-sample stream tcp nowait root /usr/local/sbin/sserver sserver
|
|
+sample stream tcp nowait root @mansbindir@/sserver sserver
|
|
.PP
|
|
Since \fBsample\fP is normally not a port defined in /etc/services, you will
|
|
usually have to add a line to /etc/services which looks like this:
|
|
Index: krb5-1.10.2/src/config-files/kdc.conf.M
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/config-files/kdc.conf.M
|
|
+++ krb5-1.10.2/src/config-files/kdc.conf.M
|
|
@@ -92,14 +92,14 @@ This
|
|
.B string
|
|
specifies the location of the access control list (acl) file that
|
|
kadmin uses to determine which principals are allowed which permissions
|
|
-on the database. The default value is /usr/local/var/krb5kdc/kadm5.acl.
|
|
+on the database. The default value is @manlocalstatedir@/krb5kdc/kadm5.acl.
|
|
|
|
.IP admin_keytab
|
|
This
|
|
.B string
|
|
Specifies the location of the keytab file that kadmin uses to
|
|
authenticate to the database. The default value is
|
|
-/usr/local/var/krb5kdc/kadm5.keytab.
|
|
+@manlocalstatedir@/krb5kdc/kadm5.keytab.
|
|
|
|
.IP database_name
|
|
This
|
|
@@ -274,7 +274,7 @@ tickets should be checked against the tr
|
|
realm names and the [capaths] section of its krb5.conf file
|
|
|
|
.SH FILES
|
|
-/usr/local/var/krb5kdc/kdc.conf
|
|
+@manlocalstatedir@/krb5kdc/kdc.conf
|
|
|
|
.SH SEE ALSO
|
|
krb5.conf(5), krb5kdc(8)
|
|
Index: krb5-1.10.2/src/config-files/krb5.conf.M
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/config-files/krb5.conf.M
|
|
+++ krb5-1.10.2/src/config-files/krb5.conf.M
|
|
@@ -808,6 +808,6 @@ This module implements the encrypted cha
|
|
This module implements the encrypted timestamp mechanism.
|
|
|
|
.SH FILES
|
|
-/etc/krb5.conf
|
|
+@mansysconfdir@/krb5.conf
|
|
.SH SEE ALSO
|
|
syslog(3)
|
|
Index: krb5-1.10.2/src/gen-manpages/kerberos.M
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/gen-manpages/kerberos.M
|
|
+++ krb5-1.10.2/src/gen-manpages/kerberos.M
|
|
@@ -125,7 +125,7 @@ default is /etc/krb5.conf.
|
|
Specifies the location of the KDC configuration file, which contains
|
|
additional configuration directives for the Key Distribution Center
|
|
daemon and associated programs. The default is
|
|
-/usr/local/var/krb5kdc/kdc.conf.
|
|
+@manlocalstatedir@/krb5kdc/kdc.conf.
|
|
.TP
|
|
.B KRB5RCACHETYPE
|
|
Specifies the default type of replay cache to use for servers. Valid
|
|
Index: krb5-1.10.2/src/kadmin/cli/kadmin.M
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/kadmin/cli/kadmin.M
|
|
+++ krb5-1.10.2/src/kadmin/cli/kadmin.M
|
|
@@ -924,9 +924,9 @@ option is specified, less verbose status
|
|
.RS
|
|
.TP
|
|
EXAMPLE:
|
|
-kadmin: ktremove -k /usr/local/var/krb5kdc/kadmind.keytab kadmin/admin
|
|
+kadmin: ktremove -k @manlocalstatedir@/krb5kdc/kadmind.keytab kadmin/admin
|
|
Entry for principal kadmin/admin with kvno 3 removed
|
|
- from keytab WRFILE:/usr/local/var/krb5kdc/kadmind.keytab.
|
|
+ from keytab WRFILE:@manlocalstatedir@/krb5kdc/kadmind.keytab.
|
|
kadmin:
|
|
.RE
|
|
.fi
|
|
Index: krb5-1.10.2/src/slave/kpropd.M
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/slave/kpropd.M
|
|
+++ krb5-1.10.2/src/slave/kpropd.M
|
|
@@ -74,7 +74,7 @@ Normally, kpropd is invoked out of
|
|
This is done by adding a line to the inetd.conf file which looks like
|
|
this:
|
|
|
|
-kprop stream tcp nowait root /usr/local/sbin/kpropd kpropd
|
|
+kprop stream tcp nowait root @mansbindir@/kpropd kpropd
|
|
|
|
However, kpropd can also run as a standalone daemon, if the
|
|
.B \-S
|
|
@@ -111,13 +111,13 @@ is used.
|
|
\fB\-f\fP \fIfile\fP
|
|
specifies the filename where the dumped principal database file is to be
|
|
stored; by default the dumped database file is KPROPD_DEFAULT_FILE
|
|
-(normally /usr/local/var/krb5kdc/from_master).
|
|
+(normally @manlocalstatedir@/krb5kdc/from_master).
|
|
.TP
|
|
.B \-p
|
|
allows the user to specify the pathname to the
|
|
.IR kdb5_util (8)
|
|
program; by default the pathname used is KPROPD_DEFAULT_KDB5_UTIL
|
|
-(normally /usr/local/sbin/kdb5_util).
|
|
+(normally @mansbindir@/kdb5_util).
|
|
.TP
|
|
.B \-S
|
|
turn on standalone mode. Normally, kpropd is invoked out of
|
|
@@ -148,14 +148,14 @@ mode.
|
|
allows the user to specify the path to the
|
|
kpropd.acl
|
|
file; by default the path used is KPROPD_ACL_FILE
|
|
-(normally /usr/local/var/krb5kdc/kpropd.acl).
|
|
+(normally @manlocalstatedir@/krb5kdc/kpropd.acl).
|
|
.SH FILES
|
|
.TP "\w'kpropd.acl\ \ 'u"
|
|
kpropd.acl
|
|
Access file for
|
|
.BR kpropd ;
|
|
the default location is KPROPD_ACL_FILE (normally
|
|
-/usr/local/var/krb5kdc/kpropd.acl).
|
|
+@manlocalstatedir@/krb5kdc/kpropd.acl).
|
|
Each entry is a line containing the principal of a host from which the
|
|
local machine will allow Kerberos database propagation via kprop.
|
|
.SH SEE ALSO
|
|
Index: krb5-1.10.2/src/slave/kprop.M
|
|
===================================================================
|
|
--- krb5-1.10.2.orig/src/slave/kprop.M
|
|
+++ krb5-1.10.2/src/slave/kprop.M
|
|
@@ -39,7 +39,7 @@ Kerberos server to a slave Kerberos serv
|
|
This is done by transmitting the dumped database file to the slave
|
|
server over an encrypted, secure channel. The dump file must be created
|
|
by kdb5_util, and is normally KPROP_DEFAULT_FILE
|
|
-(/usr/local/var/krb5kdc/slave_datatrans).
|
|
+(@manlocalstatedir@/krb5kdc/slave_datatrans).
|
|
.SH OPTIONS
|
|
.TP
|
|
\fB\-r\fP \fIrealm\fP
|
|
@@ -51,7 +51,7 @@ is used.
|
|
\fB\-f\fP \fIfile\fP
|
|
specifies the filename where the dumped principal database file is to be
|
|
found; by default the dumped database file is KPROP_DEFAULT_FILE
|
|
-(normally /usr/local/var/krb5kdc/slave_datatrans).
|
|
+(normally @manlocalstatedir@/krb5kdc/slave_datatrans).
|
|
.TP
|
|
\fB\-P\fP \fIport\fP
|
|
specifies the port to use to contact the
|