rpms/krb5
7
0
Fork 0
Code Issues Pull Requests Releases Activity

auto-import krb5-1.2.5-5 from krb5-1.2.5-5.src.rpm

Browse Source
This commit is contained in:
cvsdist 2004-09-09 07:12:05 +00:00
parent e438a6ddbd
commit 07595710c6
6 changed files with 41 additions and 120 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
.cvsignore
View File

@ -1,2 +1 @@
2003-004-krb4_patchkit.tar.gz krb5-1.2.5.tar.gz
krb5-1.2.4.tar.gz

2
kdc.conf
View File

@ -7,5 +7,5 @@
[realms] [realms]
EXAMPLE.COM = { EXAMPLE.COM = {
master_key_type = des-cbc-crc master_key_type = des-cbc-crc
supported_enctypes = des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3 des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4 des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal des-cbc-sha1:norealm des-cbc-sha1:onlyrealm supported_enctypes = des3-cbc-raw:normal des3-cbc-raw:norealm des3-cbc-raw:onlyrealm des3-cbc-sha1:normal des3-cbc-sha1:norealm des3-cbc-sha1:onlyrealm des-cbc-crc:v4 des-cbc-crc:afs3 des-cbc-crc:normal des-cbc-crc:norealm des-cbc-crc:onlyrealm des-cbc-md4:v4 des-cbc-md4:afs3 des-cbc-md4:normal des-cbc-md4:norealm des-cbc-md4:onlyrealm des-cbc-md5:v4 des-cbc-md5:afs3 des-cbc-md5:normal des-cbc-md5:norealm des-cbc-md5:onlyrealm des-cbc-raw:v4 des-cbc-raw:afs3 des-cbc-raw:normal des-cbc-raw:norealm des-cbc-raw:onlyrealm des-cbc-sha1:v4 des-cbc-sha1:afs3 des-cbc-sha1:normal des-cbc-sha1:norealm des-cbc-sha1:onlyrealm
} }

18
krb5-1.2.7-reject-bad-transited.patch
View File

@ -1,18 +0,0 @@
--- krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:21.000000000 -0500
+++ krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:11.000000000 -0500
@@ -138,6 +138,15 @@
strings specifies the default key/salt combinations of principals for this
realm.
+.IP reject_bad_transit
+This
+.B boolean string
+specifies whether or not the KDC should reject cross-realm TGS requests if the
+request's list of transited realms names realms which would not be included
+in the transit path if the path were to be computed using the KDC's krb5.conf
+file, or if the client requests that the KDC not perform such a check. The
+default is for this option to be enabled.
+
.SH FILES
/usr/local/lib/krb5kdc/kdc.conf

4
krb5.csh
View File

@ -1,7 +1,7 @@
if ( /usr/kerberos/bin !~ "${path}" ) then if ( "${path}" !~ */usr/kerberos/bin* ) then
set path = ( /usr/kerberos/bin $path ) set path = ( /usr/kerberos/bin $path )
endif endif
if ( /usr/kerberos/sbin !~ "${path}" ) then if ( "${path}" !~ */usr/kerberos/sbin* ) then
if ( `id -u` == 0 ) then if ( `id -u` == 0 ) then
set path = ( /usr/kerberos/sbin $path ) set path = ( /usr/kerberos/sbin $path )
endif endif

131
krb5.spec
View File

@ -1,31 +1,30 @@
%define prefix %{_prefix}/kerberos %define prefix %{_prefix}/kerberos
%define statglue 1 %define statglue 0
Summary: The Kerberos network authentication system. Summary: The Kerberos network authentication system.
Name: krb5 Name: krb5
Version: 1.2.4 Version: 1.2.5
Release: 11 Release: 5
Source0: krb5-%{version}.tar.gz Source0: krb5-%{version}.tar.gz
Source1: kpropd.init Source1: krb5-%{version}.tar.gz.asc
Source2: krb524d.init Source2: kpropd.init
Source3: kadmind.init Source3: krb524d.init
Source4: krb5kdc.init Source4: kadmind.init
Source5: krb5.conf Source5: krb5kdc.init
Source6: krb5.sh Source6: krb5.conf
Source7: krb5.csh Source7: krb5.sh
Source8: kdcrotate Source8: krb5.csh
Source9: kdc.conf Source9: kdcrotate
Source10: kadm5.acl Source10: kdc.conf
Source11: krsh Source11: kadm5.acl
Source12: krlogin Source12: krsh
Source13: eklogin.xinetd Source13: krlogin
Source14: klogin.xinetd Source14: eklogin.xinetd
Source15: kshell.xinetd Source15: klogin.xinetd
Source16: krb5-telnet.xinetd Source16: kshell.xinetd
Source17: gssftp.xinetd Source17: krb5-telnet.xinetd
Source18: gssftp.xinetd
Source19: statglue.c Source19: statglue.c
Source20: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.tar.gz
Source21: http://web.mit.edu/kerberos/www/advisories/2003-004-krb4_patchkit.sig
Patch0: krb5-1.1-db.patch Patch0: krb5-1.1-db.patch
Patch1: krb5-1.1.1-tiocgltc.patch Patch1: krb5-1.1.1-tiocgltc.patch
Patch2: krb5-1.1.1-libpty.patch Patch2: krb5-1.1.1-libpty.patch
@ -49,19 +48,7 @@ Patch20: krb5-1.2.2-by-address.patch
Patch21: http://lite.mit.edu/krb5-1.2.2-ktany.patch Patch21: http://lite.mit.edu/krb5-1.2.2-ktany.patch
Patch22: krb5-1.2.2-logauth.patch Patch22: krb5-1.2.2-logauth.patch
Patch23: krb5-1.2.2-size.patch Patch23: krb5-1.2.2-size.patch
Patch24: http://web.mit.edu/kerberos/www/advisories/2002-001-xdr_array_patch.txt Patch24: krb5-1.2.5-db2-configure.patch
Patch25: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2002-002-kadm4.txt
Patch26: gssftp-patch
Patch27: krb5-1.2.6-dnsparse.patch
Patch28: krb5-1.2.7-errno.patch
Patch29: krb5-SA-2003-001-1.patch
Patch30: krb5-SA-2003-001-4.patch
Patch32: krb5-1.2.7-reject-bad-transited.patch
Patch33: krb5-crawford.patch
Patch34: krb5-1.2.4-princ_size.patch
Patch35: krb5-1.2.7-underrun.patch
Patch36: http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2003-003-xdr.txt
Patch37: krb5-1.2.2-krb524-double-free.patch
License: MIT, freely distributable. License: MIT, freely distributable.
URL: http://web.mit.edu/kerberos/www/ URL: http://web.mit.edu/kerberos/www/
Group: System Environment/Libraries Group: System Environment/Libraries
@ -123,49 +110,21 @@ network uses Kerberos, this package should be installed on every
workstation. workstation.
%changelog %changelog
* Fri Mar 21 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-11 * Tue Jul 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-5
- fix double-free of enc_part2 in krb524d - fix bug in krb5.csh which would cause the path check to always succeed
- update to latest patch kit for MITKRB5-SA-2003-004
* Wed Mar 19 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-10 * Fri Jul 19 2002 Jakub Jelinek <jakub@redhat.com> 1.2.5-4
- add patch included in MITKRB5-SA-2003-003 (CAN-2003-0028) - build even libdb.a with -fPIC and $RPM_OPT_FLAGS.
* Mon Mar 17 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-9 * Fri Jun 21 2002 Tim Powers <timp@redhat.com>
- add patches from patchkit from MITKRB5-SA-2003-004 (CAN-2003-0138 and - automated rebuild
CAN-2003-0139)
* Thu Mar 6 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-8 * Sun May 26 2002 Tim Powers <timp@redhat.com>
- fix buffer underrun in unparsing certain principals (CAN-2003-0082) - automated rebuild
* Wed Feb 26 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-7 * Wed May 1 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.5-1
- add patch to fix server-side crashes when principals have no - update to 1.2.5
components (CAN-2003-0072) - disable statglue
* Mon Feb 24 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-6
- add patch from Matt Crawford for encoding transited realms properly
* Wed Feb 5 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-5
- sync compiler flags for configure and make with other versions
* Tue Feb 4 2003 Nalin Dahyabhai <nalin@redhat.com>
- add patch to document the reject-bad-transited option in kdc.conf
* Thu Jan 30 2003 Nalin Dahyabhai <nalin@redhat.com>
- add candidate backport for MITKRB5-SA-2003-001 parts 1,4
- add candidate backports for CAN-2002-0036, CAN-2002-059
(CAN-2002-058 was fixed in 1.2.3, CAN-2002-060 was fixed in 1.1.1-7 or so)
* Thu Jan 23 2003 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-4
- add patch from Mark Cox for exploitable bugs in ftp client
- add patch to avoid buffer read overruns when configuring via DNS
- add patch to properly include <errno.h>
* Wed Oct 23 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-3
- add patch from Tom Yu for exploitable bugs in kadmind4
- remove raw keys from the default kdc.conf
* Fri Aug 2 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-2
- add patch from Tom Yu for exploitable bugs in rpc code used in kadmind
* Fri Mar 1 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-1 * Fri Mar 1 2002 Nalin Dahyabhai <nalin@redhat.com> 1.2.4-1
- update to 1.2.4 - update to 1.2.4
@ -511,7 +470,7 @@ workstation.
- added --force to makeinfo commands to skip errors during build - added --force to makeinfo commands to skip errors during build
%prep %prep
%setup -q -a 20 %setup -q
%patch0 -p0 -b .db %patch0 -p0 -b .db
%patch1 -p0 -b .tciogltc %patch1 -p0 -b .tciogltc
%patch2 -p0 -b .libpty %patch2 -p0 -b .libpty
@ -537,27 +496,9 @@ workstation.
%patch21 -p1 -b .ktany %patch21 -p1 -b .ktany
%patch22 -p1 -b .logauth %patch22 -p1 -b .logauth
%patch23 -p1 -b .size %patch23 -p1 -b .size
pushd src/lib/rpc %patch24 -p1 -b .db2-configure
%patch24 -p0 -b .xdr
popd
pushd src/kadmin/v4server
%patch25 -p0 -b .kadmind
popd
%patch26 -p1 -b .gssftp-patch
%patch27 -p1 -b .dnsparse
%patch28 -p1 -b .errno
%patch29 -p1 -b .krb5-SA-2003-001-1
%patch30 -p1 -b .krb5-SA-2003-001-4
%patch32 -p1 -b .reject-bad-transited
%patch33 -p1 -b .crawford
%patch34 -p1 -b .princ_size
%patch35 -p1 -b .underrun
patch -sp0 -b -z .2003-004-krb4 < 2003-004-krb4_patchkit/patch.1.2.0
pushd src/lib/rpc
%patch36 -p0 -b .2003-003
popd
%patch37 -p1 -b .double-free
(cd src/util/db2; autoconf )
%if %{statglue} %if %{statglue}
cp $RPM_SOURCE_DIR/statglue.c src/util/profile/statglue.c cp $RPM_SOURCE_DIR/statglue.c src/util/profile/statglue.c
%endif %endif

3
sources
View File

@ -1,2 +1 @@
88d770f2de2c1bd842b511f47002a807 2003-004-krb4_patchkit.tar.gz 980c7935b27281e65367c538366776ab krb5-1.2.5.tar.gz
663add9b5942be74a86fa860a3fa4167 krb5-1.2.4.tar.gz