- update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469

- when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig file for the service, pass it as an argument for the -r flag
2005-05-06 20:16:06 +00:00 · 2005-05-06 20:16:06 +00:00 · 2e8f6b3b97
commit 2e8f6b3b97
parent 9142032a6f
8 changed files with 24 additions and 20 deletions
--- a/.cvsignore
+++ b/.cvsignore
@ -5,3 +5,5 @@ krb5-1.3.6.tar.gz
 krb5-1.3.6.tar.gz.asc
 krb5-1.4.tar.gz
 krb5-1.4.tar.gz.asc
 krb5-1.4.1.tar.gz
 krb5-1.4.1.tar.gz.asc
--- a/kadmin.sysconfig
+++ b/kadmin.sysconfig
@ -1 +1,2 @@
 KADMIND_ARGS=
 KRB5REALM=
--- a/kadmind.init
+++ b/kadmind.init
@ -37,12 +37,12 @@ start() {
 	else
  	    if [ ! -f /var/kerberos/krb5kdc/kadm5.keytab ] ; then
 		echo -n $"Extracting kadm5 Service Keys: "
-		/usr/kerberos/sbin/kadmin.local -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin kadmin/changepw" && success || failure
+		/usr/kerberos/sbin/kadmin.local ${KRB5REALM:+-r $KRB5REALM} -q "ktadd -k /var/kerberos/krb5kdc/kadm5.keytab kadmin/admin${KRB5REALM:+@$KRB5REALM} kadmin/changepw${KRB5REALM:+@$KRB5REALM}" && success || failure
 		echo
 	    fi
 	fi
 	echo -n $"Starting $prog: "
-	daemon ${kadmind} $KADMIND_ARGS
+	daemon ${kadmind} ${KRB5REALM:+-r ${KRB5REALM}} $KADMIND_ARGS
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && touch /var/lock/subsys/kadmin
--- a/krb5-1.3-rlogind-environ.patch
+++ b/krb5-1.3-rlogind-environ.patch
@ -36,16 +36,16 @@ KRB5CCNAME, which we set ourselves.
         fatalperror(f, "failed make_sane_hostname");
     if (passwd_req)
 -        execl(login_program, "login", "-p", "-h", rhost_sane,
-          lusername, 0);
+-          lusername, (char *)NULL);
 +        execle(login_program, "login", "-p", "-h", rhost_sane,
 +          lusername, NULL, bare_environ);
     else
 -        execl(login_program, "login", "-p", "-h", rhost_sane,
-             "-f", lusername, 0);
+-             "-f", lusername, (char *)NULL);
 +        execle(login_program, "login", "-p", "-h", rhost_sane,
 +             "-f", lusername, NULL, bare_environ);
 #else /* USE_LOGIN_F */
-	execl(login_program, "login", "-r", rhost_sane, 0);
+-	execl(login_program, "login", "-r", rhost_sane, (char *)NULL);
 +	execle(login_program, "login", "-r", rhost_sane, NULL, bare_environ);
 #endif /* USE_LOGIN_F */
 	syslog(LOG_ERR, "failed exec of %s: %s",
--- a/krb5.spec
+++ b/krb5.spec
@ -6,10 +6,10 @@
 Summary: The Kerberos network authentication system.
 Name: krb5
-Version: 1.4
+Version: 1.4.1
-Release: 3
+Release: 1
 # Maybe we should explode from the now-available-to-everybody tarball instead?
-# http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4-signed.tar
+# http://web.mit.edu/kerberos/dist/krb5/1.4/krb5-1.4.1-signed.tar
 Source0: krb5-%{version}.tar.gz
 Source1: krb5-%{version}.tar.gz.asc
 Source2: kpropd.init
@ -60,7 +60,6 @@ Patch28: krb5-1.3.5-gethostbyname_r.patch
 Patch29: krb5-1.3.5-kprop-mktemp.patch
 Patch30: krb5-1.3.4-send-pr-tempfile.patch
 Patch32: krb5-1.4-ncurses.patch
 Patch33: krb5-MITKRB5SA-2005-001.patch
 License: MIT, freely distributable.
 URL: http://web.mit.edu/kerberos/www/
 Group: System Environment/Libraries
@ -125,7 +124,11 @@ network uses Kerberos, this package should be installed on every
 workstation.
 %changelog
-# - XXX krb5_init_ets is gone now, what to do?
+* Fri May  6 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4.1-1
 - update to 1.4.1, incorporating fixes for CAN-2005-0468 and CAN-2005-0469
 - when starting the KDC or kadmind, if KRB5REALM is set via the /etc/sysconfig
  file for the service, pass it as an argument for the -r flag
 * Wed Mar 23 2005 Nalin Dahyabhai <nalin@redhat.com> 1.4-3
 - drop krshd patch for now
@ -815,9 +818,6 @@ workstation.
 %patch29 -p1 -b .kprop-mktemp
 %patch30 -p1 -b .send-pr-tempfile
 %patch32 -p1 -b .ncurses
 pushd src/appl/telnet/telnet
 %patch33 -p0 -b .MITKRB5SA-2005-001
 popd
 cp src/krb524/README README.krb524
 find . -type f -name "*.info-dir" -exec rm -fv "{}" ";"
 gzip doc/*.ps
@ -980,7 +980,7 @@ fi
 %config(noreplace) /etc/xinetd.d/*
-%doc doc/krb5-user*.html doc/user*.ps.gz src/config-files/services.append
+%doc doc/krb5-user/*.html doc/user*.ps.gz src/config-files/services.append
 %doc doc/{ftp,kdestroy,kinit,klist,kpasswd,ksu,rcp,rlogin,rsh,telnet}.html
 %attr(0755,root,root) %doc src/config-files/convert-config-files
 %{_infodir}/krb5-user.info*
@ -1059,9 +1059,9 @@ fi
 %config(noreplace) /etc/sysconfig/kadmin
 %config(noreplace) /etc/sysconfig/krb524
-%doc doc/admin*.ps.gz doc/krb5-admin*.html
+%doc doc/admin*.ps.gz doc/krb5-admin/*.html
-%doc doc/krb425*.ps.gz doc/krb425*.html
+%doc doc/krb425*.ps.gz doc/krb425/*.html
-%doc doc/install*.ps.gz doc/krb5-install*.html
+%doc doc/install*.ps.gz doc/krb5-install/*.html
 %doc README.krb524
 %{_infodir}/krb5-admin.info*
--- a/krb5kdc.init
+++ b/krb5kdc.init
@ -32,7 +32,7 @@ start() {
 	    exit 0
 	fi
 	echo -n $"Starting $prog: "
-	daemon ${krb5kdc} $KRB5KDC_ARGS
+	daemon ${krb5kdc} ${KRB5REALM:+-r ${KRB5REALM}} $KRB5KDC_ARGS
 	RETVAL=$?
 	echo
 	[ $RETVAL = 0 ] && touch /var/lock/subsys/krb5kdc
--- a/krb5kdc.sysconfig
+++ b/krb5kdc.sysconfig
@ -1 +1,2 @@
 KRB5KDC_ARGS=
 KRB5REALM=
--- a/4
+++ b/4
@ -1,2 +1,2 @@
-64f54aaf2f791bc2d689e3ce07874116  krb5-1.4.tar.gz
+872bb55e6877d43ac8dd05f46eed62a5  krb5-1.4.1.tar.gz
-c46d18bf4c643692ee2bdac13b52ff95  krb5-1.4.tar.gz.asc
+d9778c6956ed2981fd1fcced5f9fec05  krb5-1.4.1.tar.gz.asc
`@ -1,2 +1,2 @@`
	`64f54aaf2f791bc2d689e3ce07874116 krb5-1.4.tar.gz`	`872bb55e6877d43ac8dd05f46eed62a5 krb5-1.4.1.tar.gz`
	`c46d18bf4c643692ee2bdac13b52ff95 krb5-1.4.tar.gz.asc`	`d9778c6956ed2981fd1fcced5f9fec05 krb5-1.4.1.tar.gz.asc`