From 6197407f586157db2f468b76836422fec40a8c74 Mon Sep 17 00:00:00 2001 From: Nalin Dahyabhai Date: Wed, 16 Jul 2008 18:09:47 +0000 Subject: [PATCH] - clear fuzz out of patches, dropping a man page patch which is no longer necessary --- krb5-1.2.7-reject-bad-transited.patch | 18 ------------------ krb5-1.6.1-pam.patch | 2 +- ...lpass.patch => krb5-1.6.3-login-lpass.patch | 2 +- krb5-CVE-2008-0947.patch | 2 +- krb5-trunk-doublelog.patch | 4 ++-- krb5-trunk-manpaths.patch | 2 +- krb5.spec | 8 +++++--- 7 files changed, 11 insertions(+), 27 deletions(-) delete mode 100644 krb5-1.2.7-reject-bad-transited.patch rename krb5-1.2.7-login-lpass.patch => krb5-1.6.3-login-lpass.patch (96%) diff --git a/krb5-1.2.7-reject-bad-transited.patch b/krb5-1.2.7-reject-bad-transited.patch deleted file mode 100644 index b4c26b0..0000000 --- a/krb5-1.2.7-reject-bad-transited.patch +++ /dev/null @@ -1,18 +0,0 @@ ---- krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:21.000000000 -0500 -+++ krb5-1.2.7/src/config-files/kdc.conf.M 2003-02-04 13:04:11.000000000 -0500 -@@ -138,6 +138,15 @@ - strings specifies the default key/salt combinations of principals for this - realm. - -+.IP reject_bad_transit -+This -+.B boolean string -+specifies whether or not the KDC should reject cross-realm TGS requests if the -+request's list of transited realms names realms which would not be included -+in the transit path if the path were to be computed using the KDC's krb5.conf -+file, or if the client requests that the KDC not perform such a check. The -+default is for this option to be enabled. -+ - .SH FILES - /usr/local/lib/krb5kdc/kdc.conf - diff --git a/krb5-1.6.1-pam.patch b/krb5-1.6.1-pam.patch index 392573e..46286ab 100644 --- a/krb5-1.6.1-pam.patch +++ b/krb5-1.6.1-pam.patch @@ -941,8 +941,8 @@ When enabled, ftpd, krshd, and login.krb5 gain dependence on libpam. +KRB5_WITH_PAM + AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) + V5_AC_OUTPUT_MAKEFILE(. - mansysconfdir=$sysconfdir --- krb5-1.6.1/src/config/pre.in 2007-06-21 17:39:57.000000000 -0400 +++ krb5-1.6.1/src/config/pre.in 2007-06-21 17:39:57.000000000 -0400 @@ -180,6 +180,7 @@ SRVLIBS = @SRVLIBS@ diff --git a/krb5-1.2.7-login-lpass.patch b/krb5-1.6.3-login-lpass.patch similarity index 96% rename from krb5-1.2.7-login-lpass.patch rename to krb5-1.6.3-login-lpass.patch index 1caade6..4677d49 100644 --- a/krb5-1.2.7-login-lpass.patch +++ b/krb5-1.6.3-login-lpass.patch @@ -5,7 +5,7 @@ stop truncating it. Are there platforms where the input string *is* modified? --- krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:34.000000000 -0500 +++ krb5-1.2.7/src/appl/bsd/login.c 2005-11-15 16:20:29.000000000 -0500 @@ -461,17 +461,14 @@ - int unix_passwd_okay (pass) + static int unix_passwd_okay (pass) char *pass; { - char user_pwcopy[9], *namep; diff --git a/krb5-CVE-2008-0947.patch b/krb5-CVE-2008-0947.patch index 0a0183c..951f7ce 100644 --- a/krb5-CVE-2008-0947.patch +++ b/krb5-CVE-2008-0947.patch @@ -21,7 +21,7 @@ Patch from MITKRB5-SA-2008-002. - if (sock > svc_maxfd) - svc_maxfd = sock; } - + /* === src/lib/rpc/svc_tcp.c ================================================================== diff --git a/krb5-trunk-doublelog.patch b/krb5-trunk-doublelog.patch index 41db4d8..dd60feb 100644 --- a/krb5-trunk-doublelog.patch +++ b/krb5-trunk-doublelog.patch @@ -5,7 +5,7 @@ Index: src/include/Makefile.in =================================================================== --- src/include/Makefile.in (revision 20235) +++ src/include/Makefile.in (working copy) -@@ -67,7 +67,9 @@ +@@ -61,7 +61,9 @@ -e "s+@SBINDIR+$(SBINDIR)+" \ -e "s+@MODULEDIR+$(MODULE_DIR)+" \ -e 's+@LOCALSTATEDIR+$(LOCALSTATEDIR)+' \ @@ -14,5 +14,5 @@ Index: src/include/Makefile.in + -e 's+:/etc/krb5.conf:/etc/krb5.conf"+:/etc/krb5.conf"+' \ + -e 's+"/etc/krb5.conf:/etc/krb5.conf"+"/etc/krb5.conf"+' - OSCONFSRC = $(srcdir)/osconf.hin + OSCONFSRC = $(srcdir)/stock/osconf.h diff --git a/krb5-trunk-manpaths.patch b/krb5-trunk-manpaths.patch index bbd34c0..b71ef72 100644 --- a/krb5-trunk-manpaths.patch +++ b/krb5-trunk-manpaths.patch @@ -52,7 +52,7 @@ Index: configure.in --- configure.in (revision 19589) +++ configure.in (working copy) @@ -986,6 +986,73 @@ - AC_CONFIG_SUBDIRS(appl/libpty appl/bsd appl/gssftp appl/telnet) + KRB5_WITH_PAM AC_CONFIG_FILES(krb5-config, [chmod +x krb5-config]) + diff --git a/krb5.spec b/krb5.spec index 5983d3a..12d45e7 100644 --- a/krb5.spec +++ b/krb5.spec @@ -61,7 +61,6 @@ Patch12: krb5-1.4-ktany.patch Patch13: krb5-1.3-large-file.patch Patch14: krb5-1.3-ftp-glob.patch Patch16: krb5-1.6-buildconf.patch -Patch18: krb5-1.2.7-reject-bad-transited.patch Patch23: krb5-1.3.1-dns.patch Patch26: krb5-1.3.2-efence.patch Patch27: krb5-1.3.3-rcp-sendlarge.patch @@ -73,7 +72,7 @@ Patch35: krb5-1.5-fclose.patch Patch36: krb5-1.3.3-rcp-markus.patch Patch39: krb5-1.4.1-api.patch Patch40: krb5-1.4.1-telnet-environ.patch -Patch41: krb5-1.2.7-login-lpass.patch +Patch41: krb5-1.6.3-login-lpass.patch Patch44: krb5-1.4.3-enospc.patch Patch47: krb5-1.6-sort-of-static.patch Patch51: krb5-1.6-ldap-init.patch @@ -232,6 +231,10 @@ to obtain initial credentials from a KDC using a private key and a certificate. %changelog +* Wed Jul 16 2008 Nalin Dahyabhai +- clear fuzz out of patches, dropping a man page patch which is no longer + necessary + * Fri Jul 11 2008 Nalin Dahyabhai 1.6.3-15 - build with -fno-strict-aliasing, which is needed because the library triggers these warnings @@ -1337,7 +1340,6 @@ popd %patch13 -p1 -b .large-file %patch14 -p1 -b .ftp-glob %patch16 -p1 -b .buildconf -%patch18 -p1 -b .reject-bad-transited %patch23 -p1 -b .dns # Removes a malloc(0) case, nothing more. # %patch26 -p1 -b .efence